Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X
Is it possible to connect the API using Windows credentials? For example, if you are using SharePoint, you can send credentials using System.Net.CredentialCache.DefaultNetworkCredentials which sends a "security package" or something like that with your WIndows logon credentials.
Hello Nolin,
I'm not sure on this, since I've never had a situation in which I could test this, but on the server, if you edit <ServerRoot>/config/client/IntegrityClientSite.rc, looking at the daemon.authenticationPolicy setting. If this can work, I think you need to take a look at setting it to "mks.ic.common.policy.ICAuthenticatedSessionPolicy", then setting daemon.authenticationURL=<YourAuthenticationURL>. I'm not sure what the authentication URL would be in the case of a Windows domain, though.
If you get stuck, it may be worth opening a case.
Regards,
Kael
Kael,
I'm not sure I completely follow, but if I did, how would I connect with the API once the authentication url was entered? Would I just leave out user name and password from API calls? I did find the file and the section you're talking about.
Thanks,
Nolin
Kael,
I talked to our guy in IT that deals with the back end and he seems to understand this. Next week we're going to try it out so I'll let you know how that goes. One question though, what is <YourAuthenticationURL>? Is this IntegrityURL:Port/im or something like that? Or is the URL not related to Integrity?
Thanks,
Nolin
Hi Nolin,
<YourAuthenticationURL> is an external (non-Integrity) page--which you specify--that will return "200/OK" if the user is valid, or "403/Forbidden" otherwise. It can be literally any web page you can direct users to, so any web page that will return "200/OK" for authenticated users, and "403/Forbidden" otherwise would work.
As I mentioned before, I've never had a situation in which to test this, although looking at it some more, it should be easy to just create a web page to return either header response all the time. Getting it to return "200/OK" only for valid users is a bit trickier, but should still be relatively simple if you know what you're doing, know how the authentication system works, and know how to access it. I don't know how your authentication system works, and don't know how to access it via an API, so I'm probably not going to be able to help, but I'd love to hear how you made this work, even in general terms.
Regards,
Kael
Ah, OK. I think I follow now. I'll pass on this info and let you know how it works out.
Thanks for replying Nolin - we are looking forward to knowing the result.
Best,
Toby
Hi Nolin Borrero Jr.,
How did this work out?
Regards,
Kael
The person in IT that's going to help me with this has been swamped with Windchill stuff so we haven't been able to try this out yet. We still plan on trying it out though. I'm hoping we will have it setup before the end of November though.
Thanks Nolin,
We're still looking forward to hearing about your results.
Regards,
Kael
Kael,
Unfortunately we haven't been able to set this up yet. I'm hoping we'll be able to try within the next two weeks but the IT guy hasn't been able to work this yet.
Thanks,
Nolin
Hi Nolin Borrero Jr.,
Based on previous general experience, I suspect we'll have to wait until next calendar year.
Thanks for updating us!
-Kael