Design of Authentication Filter
The purpose of this filter is to delegate the ThingWorx authentication to the remote authentication service. The authentication filter follows the standard Windchill authentication architecture.
The following diagram shows the authentication flow:
The following authentication steps expand on the steps shown in the diagram. Each numbered step corresponds with the same number in the diagram:
1. User attempts to access the ThingWorx application.
2. The PTC Identity Provider Authentication Filter intercepts the ThingWorx user request and redirects it to IdP for login.
User sees Windchill login form instead of ThingWorx login form.
3. User enters user name and password in the login form. Windchill authenticates the user.
4. After a successful login, Windchill server redirects request back to ThingWorx with the generated key.
5. The PTC Identity Provider key validation filter reads the key and validates it.
6. The validation filter passes the Windchill user name to the next filter as request attribute. In the process, the next filter is the ThingWorx Authentication Filter.
Authentication is complete.
7. The user display is updated with a ThingWorx window. The authenticator configuration determines the initial window for an authenticated user (as described in the next section).
