cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

What is the User password if not provided during creation?

jgabriel
12-Amethyst

What is the User password if not provided during creation?

Can user created without password login to Thingworx? If yes, what is his password?

I need to use custom authentification, so I am hopping that password login is not possible or password is some generated long secure string.

Regards JG.

1 ACCEPTED SOLUTION

Accepted Solutions

At some point in the past, there was a requirement for a user to have a password to be able to login, even if the password within ThingWorx wasn't being used because LDAP was configured as a DirectoryService. This is why the LDAP documentation in KCS has advice on how to create a long, hard-to-break, password for LDAP users ported into ThingWorx in this way. This appears to only be relevant pre-7.4.

Now (7.4+), it appears that users cannot login via BasicAuthentication if a password is not set, even if a null password is given at login.I am fairly sure this would also apply to custom authenticators, but further investigation is required.

View solution in original post

7 REPLIES 7
ankigupta
5-Regular Member
(To:jgabriel)

Hi Jan Gabriel​,

Please refer to the ThingWorx Installation Guide for the default Credentials.

Please make sure to change the password after first login.

jgabriel
12-Amethyst
(To:ankigupta)

I am not asking for default user credentials...

I simply need to know what is the password for user created without password in composer or programmatically?

ankigupta
5-Regular Member
(To:jgabriel)

Jan Gabriel​, Per my understanding; if the password is not set; it would contain some junk value.

jgabriel
12-Amethyst
(To:ankigupta)

That is what I was hopping, some long and secure junk...

jgabriel
12-Amethyst
(To:jgabriel)

As discussed with Tori Tielebein​​ pasword is probably null, which does not allow you to login even with empty password. There might be some versions of TW, where empty password is allowed in this case. Test the version you use, with new user and empty password.

At some point in the past, there was a requirement for a user to have a password to be able to login, even if the password within ThingWorx wasn't being used because LDAP was configured as a DirectoryService. This is why the LDAP documentation in KCS has advice on how to create a long, hard-to-break, password for LDAP users ported into ThingWorx in this way. This appears to only be relevant pre-7.4.

Now (7.4+), it appears that users cannot login via BasicAuthentication if a password is not set, even if a null password is given at login.I am fairly sure this would also apply to custom authenticators, but further investigation is required.

It is also not possible on 7.3.

But there are some API inconsistencies regarding this.

From GUI you dont need to insert password when creating user and data is send to REST API as PUT. Which probably result in password being null and you can not login. On the other hand, when using CreateUser function, password field is required. In that case I use GUID as password, which makes me pretty decent and random password.

Anyway, both method should probably be consistent on needing password or not?

Regards JG.

Top Tags