13-Aquamarine
November 17, 2023
Solved

SSO Authenticator - ThingworxSSOAuthenticator - TWX 9.4

  • November 17, 2023
  • 1 reply
  • 2417 views

Hello community,

we are trying to do SSO in ThingWorx without using external resources, just with the ThingWorx core. So the users must access one external app login, and when they log in they must be logged in to ThingWorx and be shown the specific TWX mashup.

One of the ways that we have tried is the ThingworxSSOAuthenticator, but we are not able to enable this authenticator.

1. What changes must we make on the machine where ThingWorx is installed to be able to enable it, or just to do SSO? For example, modify platform-settings.json or any other file...

2. What must we consider creating or doing in ThingWorx to use this SSO authenticator by default?

3. Is ThingworxSSOAuthenticator just for PingFederate? If the answer is yes, the alternative is to create an extension, and I need an answer to question 1, please.

Thank you in advance,

Luis.


16-Pearl
November 17, 2023

Hey,

check out the docs here: https://www.ptc.com/en/support/Thingworx-IAM/Thingworx-IAM-main/GettingStartedSSO/SSOStandardUseCases to see which TWX version you are using and then which IdP you need. If e.g. TWX 9.2+ with AzureAD, you can directly connect it to TWX and follow the linked instructions (https://support.ptc.com/help/identity_and_access_management/en/#page/iam/AzureADasCASandIdP.html).

Hope these links help you!

13-Aquamarine
November 20, 2023

Hello @nmutter,

thank you for your reply. The use case that we want to cover is the following:

[Image: LC_9552411_0-1700471779163.png]

We have a main app, and one module of the app is going to be managed by one ThingWorx mashup. So, we don't want to use an IdP such as Azure; the idea is that when the user logs in to the main app, they must also be logged in to TWX to access the specific mashup (module).

Any idea about how to do this?

Thank you in advance,

Luis.

nmutter (Answer)
16-Pearl
November 20, 2023

How does the user authenticate in your main App? If you don't use a supported IdP (or a protocol which the supported ones use, SAML2) which ThingWorx supports, my ideas would be:

- Use AppKey in the embedded mashup. The AppKey may be a generic AppKey used by all users, or the backend of your main app requests one in TWX for the currently logged-in user (with a small lifetime, which would be more secure). Note: AppKey in URL is deprecated as stated in the linked article (we still use it as there is no (cheap) alternative for us)

- Create a custom authenticator which can make use of your existing login details of the main app: https://support.ptc.com/help/thingworx/platform/r9/en/#page/ThingWorx/Help/Composer/Security/Authenticators/AuthenticatorSampleExtensionConfiguration.html

FYI there is also this page for embedding TWX mashups in other pages: https://support.ptc.com/help/thingworx/platform/r9/en/index.html#page/ThingWorx/Help/Composer/Security/AllowingEmbeddedMashupsiniFrames.html (won't help you with the login issue).
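
An added sketch, not from the thread or from PTC: the "small lifetime" handoff idea in the answer above, shown as a signed token that the main app backend mints after login, together with the checks a custom authenticator would port to its own language before trusting the user name. The shared key, the `twx-mashup` audience value, the 60-second lifetime and every function name are assumptions.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo values (assumptions): in practice the key lives in a secret
# store shared only by the main app backend and the authenticator.
SHARED_KEY = b"constructed-demo-key"
AUDIENCE = "twx-mashup"
MAX_TTL = 60  # seconds; the short lifetime suggested in the answer

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> bytes:
    return hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()

def issue_token(user: str, now: Optional[float] = None, ttl: int = MAX_TTL) -> str:
    """Main app backend: mint a handoff token for the logged-in user."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": AUDIENCE, "exp": int(now) + ttl}
    body = b64e(json.dumps(claims).encode())
    return body + "." + b64e(sign(body))

def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Authenticator side: return the user name, or None if rejected."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; verify before parsing any claim.
        if not hmac.compare_digest(sign(body), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
    except ValueError:  # wrong shape, bad base64, bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("aud") != AUDIENCE:
        return None
    exp = claims.get("exp")
    # Reject expired tokens and tokens minted with an over-long lifetime.
    if not isinstance(exp, int) or not (now < exp <= now + MAX_TTL):
        return None
    sub = claims.get("sub")
    return sub if isinstance(sub, str) and sub else None
```

A token stays replayable until it expires, so a deployment would also record each token as used on first acceptance and send it over TLS only.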