Install the Experience Service on Linux
Note: If you are planning on using SSO as your authentication method, see Prepare for Single Sign-On (SSO) to ensure that you’ve completed all prerequisites before continuing with the installation.
The Experience Service installer can be run in one of the following execution modes:
| Mode | Description |
| --- | --- |
| xwindow | Run the installer with a graphical user interface using X-Windows and the default UI widgets. |
| gtk | Run the installer with a graphical user interface using X-Windows and GTK UI widgets. |
| text | Run the installer using a text only interface. |
| unattended | Run the installer in a mode that does not require input from a user. For more information, see Unattended Mode. |
In a graphical environment, double-click the .run installer file. Or, to install from command line, enter the following command:
$ <name of installer file>.run
The installer auto-selects the execution mode. It attempts to run in one of the graphical modes and switches to text mode if a graphical window manager is not available. To force the installer to run in a particular mode, execute the installer from the command line and specify the execution mode as follows:
$ <name of installer file>.run --mode <execution mode>
The <execution mode> can be any one of the modes listed in the table.
Install an Experience Service as a Non-root User
You can install an Experience Service as a non-root user without using sudo on a Linux system. However, in order to complete the installation you must first be granted the following permissions:
Read, write, and execute permissions on the parent directory of the target installation directory. For example, if the Experience Service is being installed into the default directory /opt/ptc/studio-es, then you must have read (r), write (w), and execute (x) permissions on the /opt/ptc directory.
If the installation directory already exists, then you must have read (r), write (w), and execute (x) permissions on the installation directory along with ownership of the directory and all of its contents.
Note: When upgrading, if the previous installation was performed by a root user or was performed using sudo and the upgrade is being performed by a non-root user without using sudo, then the file permissions and ownership of the installation directory and its parent directory will most likely need to be updated before proceeding with the installation.
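The permission requirements above can be verified before the installer is started. The following script is an added example, not part of the PTC documentation or installer; the function names are illustrative, and it assumes a POSIX shell with find and id available.

```shell
#!/bin/sh
# Added example: pre-flight check for a non-root install. Not PTC tooling.
# Run it as the account that will run the installer. Function names are
# illustrative; /opt/ptc/studio-es is the default directory named above.

# Print every path under $2 (inclusive) that is NOT owned by numeric uid $1.
not_owned_by() {
    find "$2" ! -user "$1" -print 2>/dev/null
}

# Print the letters of the r/w/x permissions the current user lacks on $1.
missing_perms() {
    for p in r w x; do
        test "-$p" "$1" || printf '%s' "$p"
    done
}

# check_install_perms TARGET_DIR: return 0 if the requirements hold, else 1.
check_install_perms() {
    target=$1
    parent=$(dirname -- "$target")
    rc=0
    if [ ! -d "$parent" ]; then
        echo "FAIL: parent directory $parent does not exist" >&2
        return 1
    fi
    miss=$(missing_perms "$parent")
    if [ -n "$miss" ]; then
        echo "FAIL: missing '$miss' permission on $parent" >&2
        rc=1
    fi
    # The remaining checks apply only when the target already exists, for
    # example when upgrading an installation that was performed as root.
    if [ -e "$target" ]; then
        miss=$(missing_perms "$target")
        if [ -n "$miss" ]; then
            echo "FAIL: missing '$miss' permission on $target" >&2
            rc=1
        fi
        foreign=$(not_owned_by "$(id -u)" "$target")
        if [ -n "$foreign" ]; then
            echo "FAIL: not owned by $(id -un): $foreign" >&2
            rc=1
        fi
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_install_perms "$1"; fi
```

Run the script with the target installation directory as its argument, for example /opt/ptc/studio-es. When it is run as root the access tests always pass, so the result is only meaningful for the non-root account that will perform the installation.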
Interactive Modes
When the installer is run in one of the interactive modes (xwindow, gtk, or text), use the following steps to complete the installation:
Note: These steps assume that the installer is being run in one of the graphical execution modes. However, all modes are functionally equivalent.
1. Click Next on the Setup - Experience Service window.
2. Select I accept the agreement and click Next.
3. On the Installation Directory window, accept the default directory, or navigate to a different, empty directory. Click Next.
4. Enter the port and select the Database Type on the Experience Service Configuration window. Click Next.
5. If you selected SQLite as the database type, the SQLite Database window appears. Enter the path to the data file.
Note: You cannot select a file that already exists.
If you selected PostgreSQL as the database type, the Database Configuration window appears. Enter the following PostgreSQL connection information:
Database Hostname
Database Port
Database Name
Database Username
Database Password
PostgreSQL Server requires SSL (indicate that the PostgreSQL server uses TLS for connections)
Note: If you are using the same PostgreSQL instance that is used by the ThingWorx server then the database name and log in/user name used by the Experience Service must be separate from the database name and log in/user name used by the ThingWorx server.
For more information, see the “Database” section in Configuration Parameters.
Click Next.
6. On the TLS Configuration window, select Use HTTPS (TLS) to configure the Experience Service to use the secure HTTPS protocol. Otherwise, select Use HTTP (No TLS) to use the insecure HTTP protocol. Click Next.
For more information, see the “TLS Certificates” section in Configuration Parameters and Transport Layer Security (TLS) Certificates.
7. If you’ve selected Use HTTPS (TLS), select what type of encoded key and certificates you are using, and click Next.
8. Depending on your selection on the previous step, complete one of the following:
If you’ve selected PEM enter the following information:
PEM Private Key—the path to the file that contains the private key.
Encrypted—select this checkbox if the private key file is encrypted, and enter the passphrase used to decrypt the file.
PEM Public Certificate—the path to the file that contains the public certificate.
PEM Intermediate CA Certificate bundle—(optional) the path to the certificate bundle file that holds the certificates for the intermediate CAs.
Note: This is not the certificate for the root CA.
If you’ve selected PCKS12 (PFX) enter the following information:
PCKS12 (PFX) Archive file—the path to the archive file.
Encrypted—select this checkbox if the PCKS12 (PFX) file is encrypted, and enter the passphrase used to decrypt the file.
Click Next.
Note: If the Experience Service is being deployed in a cluster, ensure that the key and certificate file locations are accessible by all instances running in the cluster.
9. On the Data Stores window, enter the following information to configure where the Experience Service data is stored:
Projects Store—the path to the directory where project content is stored.
Representations Store—the path to the directory where representation repository content is stored.
Upgrade Store—the path to the directory where the "success file" for migrators is stored.
Note: If the Experience Service is being deployed in a cluster, then ensure that the data store directories are accessible by all instances running in the cluster.
For more information, see the “Content Stores” section in Configuration Parameters.
10. On the Model Target Generation window, select the Enable server-side model target generation checkbox if you want to enable Standard/Advanced Model Target generation. For more information, see Target Generation. At this point, you can continue with the installation without filling out the fields below if you do not want to enable Advanced Model Target generation.
Optionally, if you do want to enable Advanced Model Target generation, fill in the applicable fields upon selecting the Enable server-side model target generation checkbox:
| Field | Description |
| --- | --- |
| Base URL | URL for the Model Target service. This field is populated for you. The value is: https://vws.vuforia.com |
| Token Path | HTTP request path for OAuth2 authentication. This field is populated for you. The value is: oauth2/token |
| AMTG Path | HTTP request path for Advanced Model Target generation. This field is populated for you. The value is: modeltargets/advancedDatasets |
| Access Key | The value for this field must be obtained from PTC Technical Support. For more information, see Request Information to Enable Advanced Model Target Generation. |
| Secret Key | The value for this field must be obtained from PTC Technical Support. For more information, see Request Information to Enable Advanced Model Target Generation. |
Click Next.
11. Enter the Default Domain Name, and click Next. If you’re not sure what to enter for the default domain name, see the “Domain Name” section in Configuration Parameters.
12. The Project Access window appears. If you want to disable Vuforia Studio authors from publishing projects with Access set to Public, select the Disable publishing projects with public access checkbox.
13. The Project Download for Offline Viewing window appears. If you want to disable Vuforia Studio authors from publishing projects with the Allow download for offline viewing setting enabled, select the Disable publishing projects that can be downloaded for offline viewing checkbox.
14. On the Authentication window, select one of the following:
Basic Authentication
Single Sign-On (OpenID Connect)
Note: If you selected Basic Authentication, skip to Step 14.
15. If you selected Single Sign-On (OpenID Connect), enter the following information:
| Field | Description |
| --- | --- |
| Select OpenID Provider for Single Sign-On | Select one of the following based on your provider: OKTA |
| Issuer URL | Set this equal to the <as-base-url> parameter identified in SSO Configuration Parameters. |
| Client ID | Set this equal to the <es-client-id> parameter identified in SSO Configuration Parameters. Choose a unique value to use as the client ID for the Experience Service. For example: studio-es. Note: This value must match with what will be entered during Experience Service installation. If it does not match, SSO will not be configured properly. |
| Client Secret | Set this equal to the <es-client-secret> parameter identified in SSO Configuration Parameters. When configuring the Experience Service client, PingFederate gives you the option to generate a secret for the client. If you choose to generate a secret for the client, capture the value generated, as it will be required to complete other installation and configuration steps. Alternatively, you can choose your own client secret. In this case, ensure that the secret you choose is a strong password and cannot be easily guessed. |
| Redirect URL | Set this equal to the <es-redirect-uri> parameter identified in SSO Configuration Parameters. |
| ES Scope | Set this equal to the <es-scope> parameter identified in SSO Configuration Parameters. |
| External Scope | By default, this is set to THINGWORX. |
| ThingWorx Access | Select one of the following: Use Application Key—select this option to use application keys in ThingWorx. Use Credentials—select this option to use an account in your IdP. For more information, see ThingWorx Authentication. |
| Username | Set this equal to the value of the sub attribute identified in your OpenID Connect Policy. |
| Timeout (minutes) | When the Experience Service is authenticated using OpenID Connect, a session is created for the user that authenticated it. This property specifies how much time (in minutes) must elapse before the session is invalidated and the user must re-authenticate. |
| Client ID | Enter the name of the Studio client ID. The default value for this field is PTC_Studio_Client_ID. However, if this has been configured to something different, that must be entered here. |
16. The ThingWorx Server window appears. Enter the appropriate information, and click Next once you’ve finished.
| Field or Setting | Description |
| --- | --- |
| ThingWorx Server URL | This is a required field. Enter the URL to your instance of ThingWorx in the ThingWorx Server URL field. For example, https://twx.example.com:8443/Thingworx. |
| Configure Public Access to ThingWorx Server | Select this checkbox to allow public Experiences to access ThingWorx data. For more information about public Experiences and configuring public access to ThingWorx, see Configuring Public Access to ThingWorx. |
| Administrator Credentials for ThingWorx Server | Basic Authentication—Provide the username and password for an account that has Administrative permissions on your ThingWorx Server. These credentials are used to configure access to the ThingWorx Server that is required by the Experience Service. Single Sign-On (OpenID Connect)—Provide the access token that you acquired in Obtain OAuth Access Token for ThingWorx Administrator Using Postman. |
17. Click Next. On the Ready to Install window, click Next.
For information about manually setting configuration parameters, see Configuration Parameters.
Post-Installation Steps (Single sign-on only)
For information about post-installation steps for single sign-on authentication, see Single Sign-on Post-installation Steps.
Unattended Mode
When the installer is run in Unattended mode, the choices for the installer steps must be specified as either command-line arguments or in an options file. The values specified for the options are validated using the same logic used to validate manually entered values. The following tables describe the options that can be specified when the installer is run in Unattended mode. If a value is not supplied, then the default value is used. For more information, see Unattended Mode.