
Integration with Teamcenter Security Service

token
sso
cookie
teamcenter
header

#1

Hello Dear Team!
My question may be strange, but nonetheless:
We have Teamcenter, which is an enterprise application, and this system has SSO.
Teamcenter SSO supports external applications for providing the authentication process; the login service has the following parameters:

tcsso.login_service.proxyURL - The protocol://host:port URL for the Teamcenter Security Services Login Service when used with load balancing or Commercial SSO proxies. If the value is empty, the TSS services will use the httpRequest to retrieve the protocol://host:port information needed for the TSS Login Service information.

tcsso.behind_sso_gateway - This flag indicates the presence of a third-party single sign-on solution.

tcsso.gateway.field.type - This string indicates how the gateway will transmit credential information (Teamcenter User ID) in the HTTP request to the Login Service (header or cookie). This value is ignored if tcsso.behind_sso_gateway is false.

tcsso.gateway.field.name - A string value that is the name of the chosen field in the tcsso.gateway.field.type. This value is ignored if tcsso.behind_sso_gateway is false. If the tcsso.gateway.field.type value is client_certificate, then the valid values for this field are:

  1. CN
  2. SN
  3. G
  4. SERIALNUMBER

Dear Team, I will be glad to get any idea of how I may use Auth0 with our system.
Thank you!


#2

I’m afraid that the information provided is insufficient (at least for me) as I don’t have knowledge on Teamcenter and a quick online search for technical documentation also did not result in any quality info.

From the Auth0 side, at this time, there is support for SAML, WS-Federation, OpenID Connect/OAuth 2.0 integrations, however, from the settings provided I’m unsure if that version of Teamcenter has support for any of the above.

From the Google search I found what appeared to be Teamcenter security services release notes (11.2) that hinted at the possibility of SAML being supported; however, these notes were not on the product site, so I’m wary of their validity. My recommendation would be for you to ask Teamcenter support whether their product supports SSO integration with any of the above protocols; if it does and they can provide links to documentation, then it will be easier for you to come back here with any doubts about how to configure it with Auth0.


#3

@jmangelo thank you for your response.
I got some information about SAML support in Teamcenter.

SAML 2.0 works with several different providers:

• Identity providers: Shibboleth, WebSEAL, SiteMinder

• Service providers: Shibboleth, WebLogic, WebSphere

So, I have a guide which describes the process for using Shibboleth… How can this guide help me to use Auth0? Or will this guide not be good for my task?

add…

From the guide about integrating Shibboleth and Teamcenter, I got an interesting article:

d. Configure the Service Provider to pick up the “TeamcenterUserID” attribute from the Identity Provider

i. Add the following to file c:/opt/shibboleth-sp/etc/shibboleth/attribute-map.xml

<Attribute name="urn:oid:2.5.4.4" id="TeamcenterUserID" />

a. Add the following to C:/opt/shibboleth-idp/conf/attribute-resolver.xml

	<resolver:Dependency ref="myLDAP" />
	<resolver:AttributeEncoder xsi:type="enc:SAML2String"
	name="urn:oid:2.5.4.4"
	friendlyName="TeamcenterUserID"
	xmlns="urn:mace:shibboleth:2.0:attribute-encoder" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="TeamcenterNameID" sourceAttributeID="uid">
	<resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</resolver:AttributeDefinition>

After that, on the Teamcenter side I should set:
tcsso.behind_sso_gateway = true

tcsso.gateway.field.type = header

tcsso.gateway.field.name = TeamcenterUserID

tcsso.login_service.rp_cookieNamePattern = shibsession*

tcsso.login_service.proxyURL =http://where is shibolleth

I think that I should take similar steps with the Auth0 service.

I will be glad for any idea, thank you!


#4

In addition, the Teamcenter Single Sign-on service has a jscript (PreLoginPage.jsp) which needs to look for the header or cookie value passed from the commercial SSO.
This jscript has the following piece of code:

// field_type - this string indicates how the gateway will transmit credential information
// (Teamcenter User ID) in the HTTP request to the Login Service; it can be HEADER, COOKIE, etc.

// field_name - this is a string that contains the user name of the user authenticated in Auth0, and this name will be used for login in Teamcenter, for example TeamcenterUserID

field_type = application.getInitParameter("tcsso.gateway.field.type");

field_name = application.getInitParameter("tcsso.gateway.field.name");

OsUtil.info("Gateway request field type '" + field_type
    + "' contains field \"" + field_name + "\"");

if(field_type.equals(HEADER))
{
    String requestHeader = request.getHeader(field_name);


    try
    {
	    creduser = URLDecoder.decode(requestHeader,"UTF-8");
    }

    catch (NullPointerException ex)
    {
        OsUtil.error("No credential supplied in header \"" + field_name + "\"");
    }
    catch (UnsupportedEncodingException ex)
    {
        OsUtil.error("Error decoding gateway header field \"" + field_name + "\"");
    }
}
else if(field_type.equals(PARAMETER))
{
	creduser = request.getParameter(field_name);
}
else if(field_type.equals(PRINCIPAL))
{
	creduser = request.getUserPrincipal().getName();
}
else if(field_type.equals(COOKIE))
{
    Cookie[] cookies = request.getCookies();
    for ( int i = 0; i < cookies.length; i++ )
    {
        if(cookies[i].getName().equals(field_name))
        {
            creduser = cookies[i].getValue();
            break;
        }
    }
}
else if(field_type.equals(REMOTE_USER)
	 || field_type.equalsIgnoreCase(CLIENT_CERTIFICATE)
	 || field_type.equalsIgnoreCase(FILTER_CLASS))
{
    creduser = request.getRemoteUser();
}
else
{
	OsUtil.error( "Missing Field Type in request from Gateway");
}

if( creduser == null )
{
	OsUtil.error( "UserID not found in request from Gateway");
}
else
{
	try
	{
        SSOObjectEncoder objEncoder = new SSOObjectEncoder(key_val,true);
        SSOLoginInfo SSOLI = new SSOLoginInfo();
        SSOLI.put(SSOLoginInfo.AuthenticationType,SSOLoginInfo.COMMERCIAL_SSO);
        SSOLI.put(SSOLoginInfo.UserID, creduser);
        SSOLI.put(SSOLoginInfo.PasswordTime,String.valueOf(System.currentTimeMillis()));
        credPW = objEncoder.encodeObject(SSOLI);
    }
    catch (GeneralSecurityException GSE)
    {
        OsUtil.error(GSE.getMessage());
    }
    catch(UnsupportedEncodingException UEE)
    {
        OsUtil.error(UEE.getMessage());
    }
    catch(IOException IOE)
    {
        OsUtil.error(IOE.getMessage());
    }
}

field_name - this is a string that contains the user name of the user authenticated in Auth0, for example TeamcenterUserID

My question: how can I get the user name from Auth0 via the TeamcenterUserID string?
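
The configuration in this thread has the Login Service take the Teamcenter user ID from a request header, so the gateway in front of it has to be the only writer of that header and has to encode the value the way `PreLoginPage.jsp` decodes it. The sketch below is an added example, not part of the original posts and not Teamcenter or Auth0 code; the function names and the sample request are hypothetical.

```python
from urllib.parse import quote, unquote_plus

FIELD_NAME = "TeamcenterUserID"  # tcsso.gateway.field.name from the thread

# Constructed browser request that already carries a copy of the identity header.
SAMPLE_CLIENT_HEADERS = [
    ("Host", "tc.example.test"),
    ("teamcenteruserid", "someone-else"),
    ("Accept", "text/html"),
]


def _canon(name):
    # Header names are case-insensitive; some servers also fold '_' into '-'.
    return name.lower().replace("_", "-")


def build_upstream_headers(client_headers, verified_user_id, field_name=FIELD_NAME):
    """Headers the gateway forwards to the Login Service (hypothetical helper).

    verified_user_id comes from the validated SSO session, never from the request.
    """
    if not verified_user_id:
        raise PermissionError("no authenticated session; request is not forwarded")
    if any(c in verified_user_id for c in "\r\n\0"):
        raise ValueError("control character in user ID")
    target = _canon(field_name)
    # Drop every client-supplied copy of the identity header before adding ours.
    forwarded = [(n, v) for n, v in client_headers if _canon(n) != target]
    # PreLoginPage.jsp calls URLDecoder.decode(value, "UTF-8"), which turns a raw
    # '+' into a space, so the gateway percent-encodes the whole value.
    forwarded.append((field_name, quote(verified_user_id, safe="")))
    return forwarded


def login_service_view(headers, field_name=FIELD_NAME):
    """Model of the JSP's HEADER branch: first matching header, URL-decoded."""
    for name, value in headers:
        if name.lower() == field_name.lower():
            return unquote_plus(value)
    return None


if __name__ == "__main__":
    out = build_upstream_headers(SAMPLE_CLIENT_HEADERS, "j.doe+cad")
    print(out)
    print(login_service_view(out))
```

The stripping only protects requests that pass through the gateway, so the Login Service should accept connections from the gateway alone.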


#5