Enable Access Token Encryption
For greater security, you can encrypt access tokens before they are persisted. When a user logs in, an access token is created and associated with the user session. During the token generation process, you can ensure that encryption occurs before the token is created. Depending on your release of ThingWorx, follow the appropriate steps below to enable access token encryption.
ThingWorx 9.3 and Later
In the sso-settings.json file, configure the encryptTokenInDatabase parameter as follows:
• If you are using OAuth tokens, set the value to true.
• If you are not using OAuth tokens, set the value to false.
ThingWorx 9.2.x and Earlier
This procedure includes a workaround for the Keyczar tool, which has been deprecated and replaced with Tink in the 9.3 release.
1. In the ssoSecurityConfig directory, create a symmetric folder.
2. In the sso-settings.json file, set the value of the keyczarKeyFolderPath parameter to the path of the symmetric folder.
If the path to your symmetric folder contains spaces, you must either escape the path using double quotes and double backslashes or use a short path format.
Example: "c:\\Program Files (x86)\\ThingWorxFoundation\\ThingworxPlatform\\ssoSecurityConfig\\symmetric"
Example: "C:\\PROGRA~2\\THINGW~1\\ThingworxPlatform\\ssoSecurityConfig\\symmetric"
◦ meta.json
◦ 1
4. Copy both of the generated files to the following path in your ThingWorx installation directory:
<ThingWorx Foundation>\ThingworxPlatform\ssoSecurityConfig\symmetric
5. Configure the encryptTokenInDatabase parameter in the sso-settings.json file as follows:
◦ If you are using OAuth tokens, set the value to true.
◦ If you are not using OAuth tokens, set the value to false.
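A pre-flight check for the 9.2.x procedure above, as an added example that is not part of the original page or PTC's tooling: it parses the content of sso-settings.json, which fails when a Windows path uses single backslashes, and confirms that the symmetric folder holds meta.json and 1. Because this page does not show the layout of the file, the helper looks for both parameters at any nesting depth; the function names and the "section" wrapper in the sample are assumptions.

```python
import json
import os
import tempfile

KEY_FILES = ("meta.json", "1")  # the two generated files named in the procedure


def find_key(node, name):
    """Return the first value stored under `name` anywhere in parsed JSON."""
    if isinstance(node, dict):
        if name in node:
            return node[name]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, name)
            if found is not None:
                return found
    return None


def check_sso_settings(text):
    """Return a list of problems found in sso-settings.json content."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        # A single backslash in a Windows path is an invalid JSON escape.
        return [f"not valid JSON (unescaped backslash in a path?): {exc.msg}"]
    problems = []
    if not isinstance(find_key(settings, "encryptTokenInDatabase"), bool):
        problems.append("encryptTokenInDatabase must be the boolean true or false")
    folder = find_key(settings, "keyczarKeyFolderPath")
    if not isinstance(folder, str) or not os.path.isdir(folder):
        problems.append("keyczarKeyFolderPath does not point to an existing folder")
    else:
        for name in KEY_FILES:
            if not os.path.isfile(os.path.join(folder, name)):
                problems.append(f"key file missing from symmetric folder: {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a temporary folder stands in for ssoSecurityConfig\symmetric.
    with tempfile.TemporaryDirectory() as folder:
        for name in KEY_FILES:
            open(os.path.join(folder, name), "w").close()
        sample = {"section": {"keyczarKeyFolderPath": folder, "encryptTokenInDatabase": True}}
        print(check_sso_settings(json.dumps(sample)))
    print(check_sso_settings(r'{"keyczarKeyFolderPath": "C:\Program Files\symmetric"}'))
```

Run it against the real file by passing its text, for example `check_sso_settings(open(path_to_sso_settings).read())`, before restarting ThingWorx.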