Authorization mechanism in Windchill RV&S like Kerberos, SAML or openIDConnect
One use case may be anyone can share his/her findings or any experience :-
Use Case:- Windchill RV&S Web GUI not working in Browser as it do opens but when we click on "Start Workflows and Documents Web Interface" it gives 401 error generally it should open a new tab with pop up window asking for username and password. Email Links are also not working because technically first they jump on browser and then launch Windchill RV&S.
Root Cause :- Browser Policies in our organizations are updated and what we got from policy team, "Integrity has basic authenticate/ authorization method by default and it needed to convert into Kerberos, Kerberos SSO, openIDConnect or SAML".
What i know so far don't know about SAML or openIDConnect, but Windchill RV&S do have Kerberos and Kerberos SSO mechanism. It's just more or less how to implement, because i haven't enabled this in past and no prior experience with Kerberos enablement.
I have tried some hit and trials in security.properties by adding two property mks.security.kerberosRealmName & mks.security.kdcAddress and after that setting mks.security.policy.scheme.default=windows_private,mksdomain_private because we do have SSL in place. But unfortunately didn't worked.
I am trying to enable Kerberos not Kerberos SSO for the moment because it requires other thing like keytab file and all. Or do i need keytab file for this as well ?
If anyone has any prior experience or any idea, feel free to come in comment section or PM me. I would be very grateful to have a conversion on this with anyone.