Configure ThingWorx for SSO
1. Before beginning to configure ThingWorx for SSO, stop the ThingWorx server.
2. Perform the procedures outlined in Configure ThingWorx for Single Sign-On, in the ThingWorx Help Center, but make the following changes:
   - In Add the IdP Metadata File – Copy the FederationMetadata.xml file that you downloaded during the Prerequisites to the <ThingWorx Installation Folder>/ThingworxPlatform/ssoSecurityConfig folder. Rename the file to sso-idp-metadata.xml.
   - In Configure the sso-settings.json File – Enter the following values in the BasicSettings component:
     - metadataEntityId – Use the Relying Party Trust Identifier value you created in Step 9 of the Add Relying Party Trusts procedure.
     - samlAssertionUserNameAttributeName – Enter the following value:
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
3. Copy the sso-keystore.jks file into the <ThingWorx Installation Folder>/ThingworxPlatform/ssoSecurityConfig folder. The sso-keystore.jks file was created during the Create and Import the ThingWorx Signing Certificate procedure.
4. Import the AD FS Signing certificate that was exported during the Export the AD FS Signing Certificate procedure into <ThingWorx Installation Folder>/ThingworxPlatform/ssoSecurityConfig/sso-keystore.jks.
5. Start the ThingWorx server.
6. Verify that AD FS authentication has been configured properly by using the appropriate credentials to log in to ThingWorx Composer as the Administrator user.
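
A pre-start check for the ssoSecurityConfig folder that can be run before step 5, added here as an example and not part of the ThingWorx documentation. It assumes BasicSettings is a top-level object in sso-settings.json; the function name check_sso_config is hypothetical.

```python
import json
import sys
from pathlib import Path

# Claim URI given in the procedure for samlAssertionUserNameAttributeName.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
REQUIRED = ("sso-idp-metadata.xml", "sso-settings.json", "sso-keystore.jks")


def check_sso_config(folder, relying_party_id):
    """Return a list of problems found in an ssoSecurityConfig folder."""
    folder = Path(folder)
    problems = [f"missing file: {n}" for n in REQUIRED if not (folder / n).is_file()]

    # A name pasted from formatted text can carry a typographic dash, so the
    # file exists but does not match the ASCII name the procedure specifies.
    for entry in sorted(folder.iterdir()):
        if not entry.name.isascii():
            problems.append(f"non-ASCII character in file name: {entry.name!r}")

    settings = folder / "sso-settings.json"
    if not settings.is_file():
        return problems
    try:
        doc = json.loads(settings.read_text(encoding="utf-8"))
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        return problems + [f"sso-settings.json is not valid JSON: {exc}"]

    # Assumption: BasicSettings is a top-level object in sso-settings.json.
    basic = doc.get("BasicSettings") if isinstance(doc, dict) else None
    if not isinstance(basic, dict):
        return problems + ["sso-settings.json has no BasicSettings object"]
    if basic.get("metadataEntityId") != relying_party_id:
        problems.append("metadataEntityId does not match the Relying Party Trust Identifier")
    # Exact string comparison: stray whitespace from copy-paste is a mismatch.
    if basic.get("samlAssertionUserNameAttributeName") != NAME_CLAIM:
        problems.append("samlAssertionUserNameAttributeName is not the name claim URI")
    return problems


if __name__ == "__main__":
    # Usage: python check_sso.py <ssoSecurityConfig folder> <relying party identifier>
    found = check_sso_config(sys.argv[1], sys.argv[2])
    print("\n".join(found) or "no problems found")
    sys.exit(1 if found else 0)
```

The check does not open the keystore, so confirm separately that sso-keystore.jks contains the AD FS Signing certificate imported in step 4.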