
Windchill SAML Authentication using InfoEngine Java API

Hi,

 

I have set up Windchill Application 11.0 in SAML authentication mode.

I have used Shibboleth as the Service Provider and ADFS as the Identity Provider.

This SAML setup works fine in the browser. I want to do the same from my Connector DAO class using the Java InfoEngine Connector.

I have used the code below:

    try {
        IeConnectionFactory f1 = new IeConnectionFactory();
        IeConnectionSpec connSpc = new IeConnectionSpec();

        // Principal whose name is the LDAP DN of the Windchill user
        Principal principal = new Principal() {
            @Override
            public String getName() {
                return "uid=wcadmin,ou=people,cn=administrativeldap,cn=windchill_11.0,o=ptc";
            }
        };

        connSpc.setAuthUser(principal);
        connSpc.setProperty("ConnectionURL", "https://vinw12wc25125.plugin.local/Windchill/servlet/SimpleTaskDispatcher");
        // Sign each request with the key pair held in the PKCS#12 keystore
        connSpc.setProperty("signRequests", "TRUE");
        connSpc.setProperty("keyStoreType", "PKCS12");
        connSpc.setProperty("keyStoreFilename", "C:/demo/user.pfx");
        connSpc.setProperty("keyStorePassword", "dkpune");
        connSpc.setProperty("certificateAlias", "useralias");
        connSpc.setProperty("privateKeyAlias", "useralias");
        connSpc.setProperty("privateKeyPassword", "dkpune");

        javax.resource.cci.Connection windchillConnection = f1.getConnection(connSpc);
        WindchillDAO10_2 dao = new WindchillDAO10_2(windchillConnection);
        // The signing step inside this call is where the exception below is thrown
        dao.Query("wt.part.WTPart", "name = Test1", null, new String[]{"*"});
    } catch (Exception e) {
        e.printStackTrace();
    }

 

All certificate details provided are correct.

I get the exception trace below:

 

Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:89)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:313)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:114)
... 9 more
javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:121)
at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:496)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:379)
at com.infoengine.connector.IeInteraction.digitallySign(IeInteraction.java:492)
at com.infoengine.connector.IeInteraction.execute(IeInteraction.java:288)
at com.infoengine.connector.DataAccessObject.execute(DataAccessObject.java:187)
at WindchillDAO10_2.Query(WindchillDAO10_2.java:17)
at Test.main(Test.java:33)
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:89)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:313)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:114)

8 REPLIES

Re: Windchill SAML Authentication using InfoEngine Java API

I don't think native InfoEngine calls are designed to work with SAML/SSO authentication.


Re: Windchill SAML Authentication using InfoEngine Java API

Do you have any idea, then, how we can achieve this using Java APIs?


Re: Windchill SAML Authentication using InfoEngine Java API

That's not how SAML/SSO is supposed to work. Maybe OAuth could be an option, but native InfoEngine doesn't support that either, and if someone has to design it, it may be a huge undertaking, as the information flow is very complex.

The easiest way to do that is to use the latest version of ThingWorx Navigate 8.5 with the OData connector, which will allow making calls to InfoEngine services using SAML/SSO/OAuth.


Re: Windchill SAML Authentication using InfoEngine Java API

But the OData Connector is not supported for Windchill 10.2.

http://support.ptc.com/help/navigate/18/en/index.html#page/ThingWorx_Navigate/WCExt_Nav_Common/IETas...

 

Is there no other way I can support this using Java APIs?


Re: Windchill SAML Authentication using InfoEngine Java API

You can check the configuration for WinDU; it supports SSO:

 

Windchill server configured with Single Sign-On (SSO)

If the Windchill server is configured with Single Sign-On (SSO), you need to update the wt.properties file before running WinDU. The wt.properties file is located at <Windchill>/codebase. Add the following values to the com.ptc.windchill.upgrade.tools.windu.java.args property:
• -Dwt.httpgw.HTTPLogin.authPrefix=protocolAuth
• -Dwt.httpgw.HTTPLogin.enableAuthPrefix=true


Re: Windchill SAML Authentication using InfoEngine Java API

I have done all the settings. But there is a bug in the Windchill InfoEngine internal code, in class "IeInteraction", in method digitallySign(), in ieWeb.jar.

The SOAP message that is formed fails while signing because the 'Id' attribute is not set, like this:

domsigncontext.setIdAttributeNS(body, null, "id");
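
The failure described in this reply can be reproduced with the JDK's own XML Signature API. The following is an added example, not part of the original post and not PTC's code: the class name, the envelope layout and the throwaway RSA key are constructed for illustration, and only the `id="header0"` value and the `setIdAttributeNS(..., null, "id")` call come from the thread.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class IdReferenceDemo {
    // Constructed stand-in for the SOAP message: <soap:Envelope><soap:Header id="header0"/></soap:Envelope>
    static Element newHeader() throws Exception {
        String soapNs = "http://schemas.xmlsoap.org/soap/envelope/";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element env = doc.createElementNS(soapNs, "soap:Envelope");
        Element header = doc.createElementNS(soapNs, "soap:Header");
        header.setAttributeNS(null, "id", "header0"); // plain attribute, not yet of DOM type ID
        env.appendChild(header);
        doc.appendChild(env);
        return header;
    }
    // Signs a same-document reference to "#header0"; returns true if signing succeeded.
    static boolean sign(KeyPair kp, boolean registerId) throws Exception {
        Element header = newHeader();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#header0", fac.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        // The Signature element is placed under the envelope, next to the signed header.
        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), header.getParentNode());
        if (registerId) ctx.setIdAttributeNS(header, null, "id"); // tell the signer "id" is an ID attribute
        try {
            fac.newXMLSignature(si, null).sign(ctx);
            return true;
        } catch (XMLSignatureException e) { // wraps the URIReferenceException seen in the trace
            System.out.println("sign failed: " + e.getCause());
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, generated only for this demo
        System.out.println("without ID registration: " + sign(kp, false));
        System.out.println("with setIdAttributeNS:   " + sign(kp, true));
    }
}
```

The signer resolves `#header0` through the DOM's ID lookup, which only sees attributes that have been declared as IDs, so an attribute that is merely named `id` is not found until it is registered on the signing context.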

Re: Windchill SAML Authentication using InfoEngine Java API

Could you post a full stack trace exception?


Re: Windchill SAML Authentication using InfoEngine Java API

Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:89)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:313)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:114)
... 9 more
javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:121)
at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:496)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:379)
at com.infoengine.connector.IeInteraction.digitallySign(IeInteraction.java:492)
at com.infoengine.connector.IeInteraction.execute(IeInteraction.java:288)
at com.infoengine.connector.DataAccessObject.execute(DataAccessObject.java:187)
at WindchillDAO10_2.Query(WindchillDAO10_2.java:17)
at Test.main(Test.java:33)
