Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X
For an automated Windchill authentication Creo Toolkit provides the command ProBrowserAuthenticate to preset login and password information for subsequent Toolkit calls which require authentication and authorization like ProServerWorkspacesCollect, ProServerObjectsCheckin, etc.
At the moment many companies are moving from password based access to SSO (single-sign-on) by Shibboleth and therefor the old approach does not work anymore.
Is there any workflow existing to provide the credentials from SSO by the Toolkit API?
I was also looking for such API but PTC does not support this as of now.
You can use APP ID and allow basic auth for that app id in Windchill. This is a kind of workaround and may be the best solution.
Thanks,
Suresh
I was wondering how PTC solves this for a Toolkit application running as CAD worker. In this case this information has to be provided to the xtop.exe process somehow. Either somewhere in %appdata%/PTC, as environment variable, as runtime argument for xtop.exe etc.
CAD- Workers still work with basic auth.
PTC should provide an API which take auth token as input.
or Should take token and other url's do the authentication. This is available today in other CAD tools
Personally I don’t believe that there is a Check In/Check Out for a Worker, are you sure about?
I think the easiest solution is to read the user from the system, probably not from the environment 😅. And my assumption in that case would be, you have to configure this in Windchill. Because you don’t need this dialogue any longer.
On the other hand, using other specific user require special attention.
And if this is turned on, Creo or the Browser must provide the ID, now you need tools to extract the username for validation 😇.
Actually the workflow is the following that you have to authenticate yourself against the SSO system and this provides you a token (or for Shibboleth a cookie) and you have to send this token instead of the basic authorization information. ProBrowserAuthenticate allows to set the login/password information for a basic auth, but not for sending a specific token.
I thought about to open the browser to the specific site from the WT Server.
As far as I know it use the same cookie space so you should be authenticated afterwards.
We have a similar problem on the other site if we want to call REST API requests. So we add a alternative route to the REST API to call it without SSO atm.
PTC has currently no solution for this (like an API token ...).
Br,
Eike
Hello Eike,
thanks for the feedback. For calling REST API we have a similar solution which requires the user to do the authentication once and we store in case of OAuth2 bearer and refresh token encrypted to registry to reuse this information in subsequent REST calls.
In this case I'm searching for a solution for the Toolkit API Windchill functions to use them in a Creo session which is launched without user interaction.
Thanks,
Achim