Community Tip - If community subscription notifications are filling up your inbox you can set up a daily digest and get all your notifications in a single email. X
This is related to logging into Thingworx via Windchill, AD and case sensitive username. Noting these two articles where PTC has no plans to make Thingworx case insensitive.
https://www.ptc.com/en/support/article/CS259466?source=search
https://www.ptc.com/en/support/article/CS244222?source=search
I am reading something here that does seem to alter the attribute value and make it lowercase. Just curious is anyone has tried it? I will give it a whirl but curious if anyone has a work around to this problem.
Side effect to switching to SSO, some of our users have their username with mixed case. All usernames in Windchill and Thingworx were created with lowercase user ids. Since the user no longer provides these values at login, it is pulling the value from AD directly which does not align with Thingworx Navigate account. Aside from touching all the accounts in AD to make them lowercase, I am in search of an alternate solution.
Solved! Go to Solution.
Ok, test seems to work. Here is my changes to shibboleth2.xml
<OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a">
<Extensions>
<Library path="plugins.so" fatal="false"/>
</Extensions>
</OutOfProcess>
This is a bit backwards but this OutOfProcess block appears higher up in this file. So this is required per this note: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334480/LowerCaseAttributeResolver
In case you are curious, that library file exists here:
Next change is as follows:
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<!-- Adding Attribute Resolver to try and fix username case issue -->
<AttributeResolver type="LowerCase" source="uid"/>
I added the AttributeResolver block to force all usernames to lowercase. I am using "uid" or samAccountName as our Windchill userid. I tested with a user who I confirmed had issues with Thingworx prior due to it creating a new account with mixed case provided by IDP and AD. With this change (and a shibd restart), it forced it to lowercase and no change in AD was needed. This might be a work around for anyone dealing with the case sensitivity with Thingworx and using Windchill for authentication. Let me know if this is a good idea or will cause other issues. Simple enough to undo if need be.
Ok, test seems to work. Here is my changes to shibboleth2.xml
<OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a">
<Extensions>
<Library path="plugins.so" fatal="false"/>
</Extensions>
</OutOfProcess>
This is a bit backwards but this OutOfProcess block appears higher up in this file. So this is required per this note: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334480/LowerCaseAttributeResolver
In case you are curious, that library file exists here:
Next change is as follows:
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<!-- Adding Attribute Resolver to try and fix username case issue -->
<AttributeResolver type="LowerCase" source="uid"/>
I added the AttributeResolver block to force all usernames to lowercase. I am using "uid" or samAccountName as our Windchill userid. I tested with a user who I confirmed had issues with Thingworx prior due to it creating a new account with mixed case provided by IDP and AD. With this change (and a shibd restart), it forced it to lowercase and no change in AD was needed. This might be a work around for anyone dealing with the case sensitivity with Thingworx and using Windchill for authentication. Let me know if this is a good idea or will cause other issues. Simple enough to undo if need be.