Hi,
I have set up Windchill Application 11.0 in SAML authentication mode.
I have used Shibboleth as Service Provider and ADFS as Identity Provider.
This SAML setup works fine in the browser. I want to do the same from my Connector DAO class using the Java InfoEngine Connector.
I have used the code below:
    try {
        IeConnectionFactory f1 = new IeConnectionFactory();
        IeConnectionSpec connSpc = new IeConnectionSpec();
        // Principal identifying the Windchill user by its LDAP DN
        Principal principal = new Principal() {
            @Override
            public String getName() {
                return "uid=wcadmin,ou=people,cn=administrativeldap,cn=windchill_11.0,o=ptc";
            }
        };
        connSpc.setAuthUser(principal);
        connSpc.setProperty("ConnectionURL", "https://vinw12wc25125.plugin.local/Windchill/servlet/SimpleTaskDispatcher");
        // Request signing with the key and certificate from a PKCS#12 keystore
        connSpc.setProperty("signRequests", "TRUE");
        connSpc.setProperty("keyStoreType", "PKCS12");
        connSpc.setProperty("keyStoreFilename", "C:/demo/user.pfx");
        connSpc.setProperty("keyStorePassword", "dkpune");
        connSpc.setProperty("certificateAlias", "useralias");
        connSpc.setProperty("privateKeyAlias", "useralias");
        connSpc.setProperty("privateKeyPassword", "dkpune");
        javax.resource.cci.Connection windchillConnection = f1.getConnection(connSpc);
        WindchillDAO10_2 dao = new WindchillDAO10_2(windchillConnection);
        dao.Query("wt.part.WTPart", "name = Test1", null, new String[]{"*"});
    } catch (Exception e) {
        e.printStackTrace();
    }
All certificate details provided are correct.
I get the exception trace below:
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:89)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:313)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:114)
... 9 more
javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:121)
at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:496)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:379)
at com.infoengine.connector.IeInteraction.digitallySign(IeInteraction.java:492)
at com.infoengine.connector.IeInteraction.execute(IeInteraction.java:288)
at com.infoengine.connector.DataAccessObject.execute(DataAccessObject.java:187)
at WindchillDAO10_2.Query(WindchillDAO10_2.java:17)
at Test.main(Test.java:33)
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:89)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:313)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:114)
I don't think native InfoEngine calls are designed to work with SAML/SSO authentication.
Do you have any idea, then, how we can achieve this using Java APIs?
That's not how SAML/SSO is supposed to work. Maybe OAuth could be an option, but native InfoEngine doesn't support that either, and if someone has to design it, it may be a huge undertaking, as the information flow is very complex.
The easiest way to do that is to use the latest version of ThingWorx Navigate 8.5, with the OData connector, which will allow making calls to InfoEngine services using SAML/SSO/OAuth.
But the OData Connector is not supported for Windchill 10.2.
Is there no other way I can support this using Java APIs?
You can check the configuration for WinDU; it supports SSO.
Windchill server configured with Single Sign-On (SSO)
If the Windchill server is configured with Single Sign-On (SSO), you need to update the wt.properties file before running WinDU. The wt.properties file is located at <Windchill>/codebase.
Add the following values to the com.ptc.windchill.upgrade.tools.windu.java.args property:
• -Dwt.httpgw.HTTPLogin.authPrefix=protocolAuth
• -Dwt.httpgw.HTTPLogin.enableAuthPrefix=true
I have done all the settings. But there is a bug in the Windchill InfoEngine internal code, in class "IeInteraction", method digitallySign(), in ieWeb.jar.
Signing the SOAP message fails because the 'Id' attribute is not registered like this:
    domsigncontext.setIdAttributeNS(body, null, "id");
Could you post a full stack trace exception?
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:89)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:313)
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:114)
... 9 more
javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID header0
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:121)
at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:496)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:379)
at com.infoengine.connector.IeInteraction.digitallySign(IeInteraction.java:492)
at com.infoengine.connector.IeInteraction.execute(IeInteraction.java:288)
at com.infoengine.connector.DataAccessObject.execute(DataAccessObject.java:187)
at WindchillDAO10_2.Query(WindchillDAO10_2.java:17)
at Test.main(Test.java:33)