cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

How to use both Windchill authentication and IDP(Active Directory) SSO in ThingWorx Navigate?

Go to solution
hno
13-Aquamarine
13-Aquamarine
‎Apr 13, 2024 04:19 AM
‎Apr 13, 2024 04:19 AM

How to use both Windchill authentication and IDP(Active Directory) SSO in ThingWorx Navigate?

hi.

 

i've set up Thingworx SSO with an AD server.


If Windchill cannot be configured for SSO,

Is it possible to use the current Thingworx logged-in user account for the Windchill connector(OData, Swagger) after authenticating Thingworx with SSO?

 

This is because each user has different permissions in Windchill.

 

Thanks.

 

 

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
RB_11083802
7-Bedrock
7-Bedrock
(To:hno)
‎May 23, 2024 02:40 AM
‎May 23, 2024 02:40 AM

Ensure ThingWorx is correctly set up with SSO using your AD server. Users should be able to log in to ThingWorx seamlessly using SSO. Once a user is authenticated in ThingWorx, their session should contain information about their identity and possibly their roles or permissions. Configure the ThingWorx Windchill Connector (using OData, Swagger, or another API mechanism) to accept authenticated sessions from ThingWorx. Implement a token exchange mechanism where ThingWorx can issue a secure token after a successful SSO login. Map the permissions from the ThingWorx session to the required Windchill permissions. Ensure that the Windchill connector can interpret these permissions correctly.

Best Regard,
Robert Blodgett adpworkforcenow

View solution in original post

0 Kudos
Notify Moderator
1 REPLY 1
RB_11083802
7-Bedrock
7-Bedrock
(To:hno)
‎May 23, 2024 02:40 AM
‎May 23, 2024 02:40 AM

Ensure ThingWorx is correctly set up with SSO using your AD server. Users should be able to log in to ThingWorx seamlessly using SSO. Once a user is authenticated in ThingWorx, their session should contain information about their identity and possibly their roles or permissions. Configure the ThingWorx Windchill Connector (using OData, Swagger, or another API mechanism) to accept authenticated sessions from ThingWorx. Implement a token exchange mechanism where ThingWorx can issue a secure token after a successful SSO login. Map the permissions from the ThingWorx session to the required Windchill permissions. Ensure that the Windchill connector can interpret these permissions correctly.

Best Regard,
Robert Blodgett adpworkforcenow
0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags