cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X

Authorization mechanism in Windchill RV&S like Kerberos, SAML or openIDConnect

kjain2
14-Alexandrite
14-Alexandrite
‎Oct 23, 2020 08:31 AM
‎Oct 23, 2020 08:31 AM

Authorization mechanism in Windchill RV&S like Kerberos, SAML or openIDConnect

Hello Community,

One use case may be anyone can share his/her findings or any experience :-

 

Use Case:- Windchill RV&S Web GUI not working in Browser as it do opens but when we click on "Start Workflows and Documents Web Interface" it gives 401 error generally it should open a new tab with pop up window asking for username and password. Email Links are also not working because technically first they jump on browser and then launch Windchill RV&S.

 

Root Cause :- Browser Policies in our organizations are updated and what we got from policy team, "Integrity has basic authenticate/ authorization method by default and it needed to convert into Kerberos, Kerberos SSO, openIDConnect or SAML".

 

What i know so far don't know about SAML or openIDConnect, but Windchill RV&S do have Kerberos and Kerberos SSO mechanism. It's just more or less how to implement, because i haven't enabled this in past and no prior experience with Kerberos enablement.

I have tried some hit and trials in security.properties by adding two property mks.security.kerberosRealmName & mks.security.kdcAddress and after that setting mks.security.policy.scheme.default=windows_private,mksdomain_private because we do have SSL in place. But unfortunately didn't worked.

I am trying to enable Kerberos not Kerberos SSO for the moment because it requires other thing like keytab file and all. Or do i need keytab file for this as well ?

 

If anyone has any prior experience or any idea, feel free to come in comment section or PM me. I would be very grateful to have a conversion on this with anyone.

 

Cheers,
K. Jain

 

Labels:
Notify Moderator
1 REPLY 1
MichaelChatel
20-Turquoise
20-Turquoise
(To:kjain2)
‎Oct 26, 2020 10:59 AM
‎Oct 26, 2020 10:59 AM

There's some info in the installation reference guide, but there's also this knowledge article, which you will no doubt find informative:

 

How to set up Windows/WindowsSSO Realms (Kerberos SSO) in Integrity

https://www.ptc.com/en/support/article/CS116568

 

It's pretty in-depth.

 

I would suggest opening a Support case, for assistance with this, if the knowledge article does not help you along.

 

Mike

 

Notify Moderator
Top Tags