
9.1 and beyond SAML & AD support.

alexknelson
1-Newbie


Beyond InfoEngine and Software Build Tools...is SAML authentication supported by Windchill? We're looking for a way to have Windchill reference our AD security groups.

Thanks,

Alex

4 REPLIES

You mention SAML but also that what you want to gain is having Windchill reference your AD groups. Depending on what you want to do with the groups, SAML might not be required, so please explain a bit more...

If it's just that you want user authentication to be handled with AD as the source for passwords and group membership, it should be covered by the Windchill docs already.

One thing SAML might provide is single sign-on for simple browser access, which might only require Apache and ADFS configuration using something like Shibboleth for the SAML relying party on Apache, because Windchill out of the box relies on Apache for the authentication. See e.g. http://stackoverflow.com/questions/7256890/how-can-i-secure-tomcats-webapps-with-adfs-2-0-and-saml-sso

Note I have not tried setting up SAML-based SSO with Windchill, though; I have only done some reading on the topic. I don't know if there will be problems with special client-side configurations (DTI, WGM and Java applets in the browser).

My goal is to have users log in with their AD credentials and for Windchill permissions to be controlled by AD security groups. The only reference to AD I've seen to date has been in relation to LDAP and simply logging in...nothing to do with security groups.

I mentioned SAML as my IT security team told me to look for it...we are now trying to use ADFS (which uses SAML) for SSO as well.

Ahh OK, I think I understand a bit more what you are aiming for then. Note the existing Windchill documentation regarding LDAP and AD also mentions mapping to groups in AD. See this chapter: http://www.ptc.com/cs/help/windchill_hc/wc100_hc/index.jspx?id=WCInstall_MapUserGroup&action=show

Please keep us posted on your experiences with going down the ADFS for SSO route, whether it's good or bad. It might be helpful to others...

Checking out the link you posted now, thanks.
