3 Replies Latest reply on Apr 11, 2017 3:18 AM by anna RSS
    rkansabanik Newbie

    Redirection on session timeout

    How to redirect to organization form login page after thingworx session timeout ie, the time set in UserManagementSubsystem?

      • Re: Redirection on session timeout
        pchung Collaborator

        I believe the only way right now is to use a custom Authenticator (although the authenticator could just be the piece to capture the timeout and redirect and not do any auth)

        • Re: Redirection on session timeout
          anna Creator

          Hi Reetam Kansabanik,

          Like Pai mentioned, you would need a custom authenticator that when you find they are no longer authenticated, issue a server side “soft redirect” to their login page. We don’t have out of the box support for this in ThingWorx, so you need create an extension yourself.

           

          1. please download ThingWorx Extension SDK from:https://support.ptc.com/appserver/auth/it/esd/product.jsp?prodFamily=TWX  

           

           

           

           

           

          2.  Create an extension yourself following generic procedures how to create an extension. Remember to create a new java class extending CustomAuthenticator.

          Example code that does this:

           

          public class AuthenticatorImpl extends CustomAuthenticator
           {
               private String user;
               private String requestUrl;
               private String password;
               private boolean isFormLogin;
               private boolean isRedirect;
            
              public AuthenticatorImpl()
               {
                   user = null;
                   requestUrl = null;
                   password = null;
                   isFormLogin = true;
                   isRedirect = false;
               }
            
              public boolean matchesAuthRequest(HttpServletRequest httpRequest)
                   throws AuthenticatorException
               {
                   requestUrl = httpRequest.getRequestURL().toString();
                   if((!requestUrl.contains("action-login")) & (!requestUrl.contains("FormLogin")))
                   {
                       isFormLogin = false;
                       isRedirect = true;
                       setRequiresChallenge(true);
                   } else
                   if(requestUrl.contains("action-login"))
                   {
                       user = httpRequest.getParameter("thingworx-form-userid");
                       password = httpRequest.getParameter("thingworx-form-password");
                   }
                   return true;
               }
            
              public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
                   throws AuthenticatorException
               {
                   setCredentials(user, password);
               }
            
              public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
                   throws AuthenticatorException
               {
                   if(isRedirect)
                   {
                       String urlString = "/Thingworx/FormLogin/Everyone";//replace with your own organization
                       try
                       {
                           httpResponse.sendRedirect(urlString);
                       }
                       catch(IOException e)
                       {
                           e.printStackTrace();
          
                       }
                   }
               }
            
          }
          
          

           

          3. Import the extension you created into ThingWorx platform, and then open Security->Authenticators,

          you will find the authenticator you created, and please set a priority and click Enabled to take it into effect.

           

          4. Next time when session time out or you manually log out, it will redirect you back to the Form login page.

           

          Hope this helps,

           

          Br,

          Anna

           

           

           

          • Re: Redirection on session timeout
            anna Creator

            Hi Reetam Kansabanik,

            Could you let us know of your new update for this issue? Is your issue resolved? Please mark correct answer or Helpful for the answer for the answers that helps you then we could close this topic and others will know how to do with the similar issue.

            Thanks,

             

            Br,

            Anna