13 Replies Latest reply on Aug 7, 2017 7:32 AM by jgabriel RSS
    williamv Newbie

    Complete example of Custom Authenticator


    Is there a complete example of a custom authenticator extension?  I have tried to create one from the HelloWorld extension, then extensions manual and the wiki entry for custom authenticators, but Thingworx doesn't detect it as an Authenticator.  

    I have uploaded my eclipse project into the uploads area as SterisAuthenticator.zip and the built extension as SterisAuthenticator_extension.zip

      • Complete example of Custom Authenticator
        adam Creator



        You're off to a good start. Your Authenticator project is structured properly, but there is an issue with your configuration that prevents ThingWorx from creating your Authenticator. After importing the extension that you provided, the following message appeared in the Application Log:

        *** Unable to create Authenticator instance in Authenticator: AuthName=SterisAuthenticator, ClassName=com.steris.thingworx.extensions.SterisAuthenticators ***

        You specified the className in metadata.xml when defining an Authenticator, however your class's name is actually


        . After correcting this typo, the extension imports and the Authenticator is created.

        I haven't seen you post in this forum previously, so I just want to mention that while you are free to post questions in this forum, we also have a new support site at support.ptc.com which has replaced the private forums that were used in the past to provide support. If you have any questions about the new support site, you can respond here and I'll get in touch with you by email.



          • Re: Complete example of Custom Authenticator
            cpitts Newbie

            Hey.  Nevermind.  I got it to work.  I am curious if there's a java function to call in the CustomAuthenticator to make sure that it doesn't fall through to any other authentication types as I need to force the custom authentication to be the only authentication allowed.

          • Re: Complete example of Custom Authenticator
            francky Explorer

            Hello there

            I know it's been long but I hope someone still has this authenticator, or another one, or any example to help me make one myself, pretty please.


            if not, I still have some question unanswered :


            - does this work like a classic Servlet and Thingworx doesn't do any magic with it, like changing the content or the headers of the request or the response


            - what exactly is mandatory so I can use it to authenticate from a custom html form and get connected to Thingworx through an Organization and be on the mashup, if possible without the ugly URL (or, for starters, just emulating the FormLogin page)

            • Re: Complete example of Custom Authenticator
              ttielebein Collaborator

              Hello, please check out this recently published KCS Article Overview on Custom Authenticators

                • Re: Complete example of Custom Authenticator
                  jgabriel Apprentice



                  I was following this article and I got stuck on few thing I could not find explained in docs. Basically I am trying to implement SSO with external system. My meta code is present here: Thingworx custom auth.


                  Simply put I would like to implement this functionality:


                  public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws AuthenticatorException {

                    // Check if user exists, if not create him with name this.user.

                    // Check if this.groups exist and if not add them with no permissions.

                    // Check this.user membership in groups by this.groups and add or remove him accordingly.

                    // Login user.




                  I was trying to experiment like this:


                  User usr = (User)EntityUtilities.findEntity("Test", ThingworxRelationshipTypes.Users);



                  EntityServices es = new EntityServices();

                  InfoTable it = es.GetEntityList("User", null, null, 1.0);

                  es.CreateUser(username, "User Desc.", null, "randompassword");


                  with no luck, getting only null. What am I doing wrong?


                  Any tips and improvements on code or debugging flows (same problems) are welcomed.


                  Problem is pretty straight forward, so in case of comprehensive solution, we can probably use this as example for future reference somewhere.


                  Best regards Jan.

                  • Re: Complete example of Custom Authenticator
                    jgabriel Apprentice

                    Could you please clarify issueAuthenticationChallenge method?


                    No matter setRequiresChallenge(true/false), I always end up there... how do I gracefully fail, log massage and pass to another Auth?


                    This is what I come up with: Thingworx custom AutoAuth · GitHub and it works but only if I throw AuthenticatorException in issueAuthenticationChallenge  method.

                  • Re: Complete example of Custom Authenticator
                    francky Explorer

                    Hi everyone,


                    Not long after I posted this question, I finally got something to work a bit

                    I'm posting it here only now after getting many notifications, several months after the original non-answer because I stopped working with TW and could not find it on my disk


                    Now I found it again, it's clearly not perfect, and maybe it does not even work on more recent versions (6.5 I think at the time) but I hope it helps, (and it did work back then, with my own JSP/J2EE login page !).


                    You can access it HERE


                    If there's any questions I'll continue to answer them. (i'll be quicker if you post issues on Github )


                    Good luck

                    • Re: Complete example of Custom Authenticator
                      mneumann Creator

                      We're currently also discussing this issue within Case 13319467

                      There might be multiple authentication mechanisms required within the Webseal environment. What I've seen from the customer so far on Windchill integration side, there are multiple Webseals that first need to allow communication between two servers before the involved parties can authenticate against each other.