If you are planning on using SSO as your authentication method, see Prepare for Single Sign-On (SSO) to ensure that you’ve completed all prerequisites before continuing with the installation. |
You cannot select a file that already exists. |
If you are using the same PostgreSQL instance that is used by the ThingWorx server, then the database name and login/user name used by the Experience Service must be separate from the database name and login/user name used by the ThingWorx server. |
If you selected Use HTTP (No TLS), skip to Step 11. |
PEM | PCKS12 (PFX) |
• PEM Private Key—the path to the file that contains the private key. • Encrypted—select this checkbox if you want to encrypt the private key and enter the passphrase • PEM Public Certificate—the path to the file that contains the public certificate. • PEM Intermediate CA Certificate Bundle—(optional) the path to the certificate bundle file that holds the certificates for the intermediate CAs. | • PCKS12 (PFX) Archive File—the path to the archive file. • Encrypted—select this checkbox if you want to encrypt the private key and enter the passphrase |
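A pre-flight check for the three PEM inputs above, added here as an example and not part of the installer or of PTC's code. It assumes the Encrypted checkbox corresponds to a passphrase-protected key file; the function names and sample inputs are constructed for illustration.

```python
import re

# One PEM block: captures the label and everything between the BEGIN/END lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # PKCS#8 signals encryption in the label; legacy OpenSSL keys keep the
        # label and add a Proc-Type header inside the block.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        found.append((label, encrypted))
    return found

def preflight(key_text, cert_text, bundle_text=""):
    """Return (key_is_encrypted, problems) for the three PEM inputs."""
    problems = []
    keys = [b for b in pem_blocks(key_text) if b[0].endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append("key file must contain exactly one private key")
    certs = pem_blocks(cert_text)
    if not certs or certs[0][0] != "CERTIFICATE":
        problems.append("certificate file must start with a CERTIFICATE block")
    for name, text in (("certificate", cert_text), ("bundle", bundle_text)):
        if any(label.endswith("PRIVATE KEY") for label, _ in pem_blocks(text)):
            problems.append(f"{name} file contains a private key")
    if bundle_text.strip() and not pem_blocks(bundle_text):
        problems.append("bundle is not PEM (possibly DER or PKCS#12)")
    return (bool(keys) and keys[0][1]), problems

# Constructed inputs: the base64 bodies are dummy text, not real key material.
def _pem(label, body="QUJDRA==\n"):
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

PKCS8_ENC_KEY = _pem("ENCRYPTED PRIVATE KEY")
LEGACY_ENC_KEY = _pem("RSA PRIVATE KEY",
                      "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQUJDRA==\n")
PLAIN_KEY = _pem("PRIVATE KEY")
CERT = _pem("CERTIFICATE")

if __name__ == "__main__":
    print(preflight(LEGACY_ENC_KEY, CERT, CERT + CERT))
    print(preflight(PLAIN_KEY, CERT + PLAIN_KEY))
```

The check reads only PEM labels and headers, so it does not confirm that the key matches the certificate or that the chain validates.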
If the Experience Service is being deployed in a cluster, ensure that the data store directories are accessible by all instances running in the cluster. |
Field | Description |
Base URL | URL for the Model Target service. This field is populated for you. The value is: https://vws.vuforia.com |
Token Path | HTTP request path for OAuth2 authentication. This field is populated for you. The value is: oauth2/token |
AMTG Path | HTTP request path for Advanced Model Target generation. This field is populated for you. The value is: modeltargets/advancedDatasets |
Access Key | The value for this field must be obtained from PTC Technical Support. For more information, see Request Information to Enable Advanced Model Target Generation. |
Secret Key | The value for this field must be obtained from PTC Technical Support. For more information, see Request Information to Enable Advanced Model Target Generation. |
If you selected Basic Authentication, skip to Step 17. |
Field | Description |
Select OpenID Provider for Single Sign-On | Select one of the following based on your provider: • Entra ID • OKTA |
Issuer URL | Set this equal to the <as-base-url> parameter identified in SSO Configuration Parameters. |
Client ID | Set this equal to the <es-client-id> parameter identified in SSO Configuration Parameters. Choose a unique value to use as the client ID for the Experience Service. For example: studio-es. |
Client Secret | Set this equal to the <es-client-secret> parameter identified in SSO Configuration Parameters. When configuring the Experience Service client, PingFederate gives you the option to generate a secret for the client. If you choose to generate a secret for the client, capture the value generated, as it will be required to complete other installation and configuration steps. Alternatively, you can choose your own client secret. In this case, ensure that the secret you choose is a strong password and cannot be easily guessed. |
Redirect URL | Set this equal to the <es-redirect-uri> parameter identified in SSO Configuration Parameters. |
ES Scope | Set this equal to the <es-scope> parameter identified in SSO Configuration Parameters. |
External Scope | By default, this is set to THINGWORX. |
ThingWorx Access | Select one of the following: • Use Application Key—select this option to use application keys in ThingWorx • Use Credentials—select this option to use an account in your IdP For more information, see ThingWorx Authentication. |
Username | Set this equal to the value of the sub attribute identified in your OpenID Connect Policy. |
Timeout (minutes) | When the Experience Service is authenticated using OpenID Connect, a session is created for the user that authenticated it. This property specifies how much time (in minutes) must elapse before the session is invalidated and the user must re-authenticate. |
Client ID | Enter the name of the Studio client ID. The default value for this field is PTC_Studio_Client_ID. If the Studio client ID has been configured to a different value, enter that value here. |
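A sanity check for the OpenID Connect values in the table above, run against the provider's discovery metadata before the values are entered. This is an added example, not PTC's code: the dictionary keys, the hostnames, the callback path, the scope name and the 32-character minimum are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32  # assumed local policy, not a value from the installer

def check_sso_settings(cfg, discovery):
    """Return a list of problems in the SSO values (empty list means none found)."""
    problems = []
    issuer = urlsplit(cfg["issuer_url"])
    if issuer.scheme != "https" or issuer.query or issuer.fragment:
        problems.append("issuer: must be https with no query or fragment")
    # OpenID Connect Discovery: the advertised issuer must match exactly,
    # so a trailing slash or different host casing is a mismatch.
    if discovery.get("issuer") != cfg["issuer_url"]:
        problems.append("issuer: differs from the provider's advertised issuer")
    redirect = urlsplit(cfg["redirect_url"])
    if redirect.scheme != "https" or not redirect.netloc or redirect.fragment:
        problems.append("redirect: must be an absolute https URL, no fragment")
    # scopes_supported is optional metadata; only compare when it is advertised.
    advertised = set(discovery.get("scopes_supported", []))
    for field in ("es_scope", "external_scope"):
        if advertised and cfg[field] not in advertised:
            problems.append(f"{field}: {cfg[field]!r} not advertised by provider")
    secret = cfg["client_secret"]
    if len(secret) < MIN_SECRET_LEN or cfg["client_id"].lower() in secret.lower():
        problems.append("secret: too short or derived from the client ID")
    if not 0 < cfg["timeout_minutes"]:
        problems.append("timeout: must be a positive number of minutes")
    return problems

# Constructed sample values; hostnames, scope and secret are placeholders.
SAMPLE_DISCOVERY = {"issuer": "https://idp.example.com",
                    "scopes_supported": ["openid", "studio-es-scope", "THINGWORX"]}
SAMPLE_CFG = {
    "issuer_url": "https://idp.example.com/",   # trailing slash: mismatch
    "client_id": "studio-es",
    "client_secret": "studio-es-2024",          # short and built from client ID
    "redirect_url": "https://es.example.com:8443/callback",
    "es_scope": "studio-es-scope",
    "external_scope": "THINGWORX",
    "timeout_minutes": 60,
}

if __name__ == "__main__":
    for problem in check_sso_settings(SAMPLE_CFG, SAMPLE_DISCOVERY):
        print(problem)
```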
Field or Setting | Description |
ThingWorx Server URL | This is a required field. Enter the URL to your instance of ThingWorx in the ThingWorx Server URL field. For example, https://twx.example.com:8443/Thingworx. |
Configure Public Access to ThingWorx Server | Select this checkbox to allow public Experiences to access ThingWorx data. For more information about public Experiences and configuring public access to ThingWorx, see Configuring Public Access to ThingWorx. |
Administrator Credentials for ThingWorx Server | • Basic Authentication—Provide the username and password for an account that has Administrative permissions on your ThingWorx Server. These credentials are used to configure access to the ThingWorx Server that is required by the Experience Service. • Single Sign-On (OpenID Connect)—Provide the access token that you acquired in Obtain OAuth Access Token for ThingWorx Administrator Using Postman. For more information, see Configure Access to ThingWorx Group Memberships and Configuring Public Access to ThingWorx. |