We're starting our attempt to setup a reverse proxy solution with our windchill 10.2 / 11 envorments . Does anyone have any pointers or experience setting this up with PING?
I've glanced through the advanced configuration guide but looks to be a bit vague. It appears I need to pass on the REMOTE_USER header value over to my windchill application. If you have any steps, configuration examples, etc it would be quite helpful as this is our first attempt on this and we do not have experience in this area so we're trying to figure it out.
Architecture would look something like this:
client > reverse proxy load balancer > reverse proxy > windchill load balancer > application server
Please refer to the below article:
It will be great if it helps you resolving the issue.
Thanks & Regards,
I see two sections within the CS.
1) configuring windchill
2) configuring apache for RP
I do not own the reverse proxy solution (it is already available) so I need to bolt up Windchill to it. In context of the CS you've provided, only section 1 of the CS would apply?
If Apache is already configured with Reverse proxy then you can follow the steps in section 1 (To configure Windchill for an HTTP Reverse proxy ).
I suggest you to take backup of the files prior to making any changes.
Still struggling to get this to work so i thought I would ask a few other questions.
1) The reverse proxy I'm attempting to use is shared resource and not Windchill related. Clients will authenticate against this reverse proxy and then redirected to Windchill.
2) Given the reverse proxy is not mine or windchill related, what is the role for the windchill & apache configurations identified in the above posts? It makes me think I am setting up the bundled apache that comes with Windchill as the reverse proxy.
3) More so, the reverse proxy and authentication is already being handled for me so what is the role of the bundled apache that comes with Windchill in these scenario? I don't want to setup Apache to be a reverse proxy but to accept the proxied / already authenticated user into Windchill from the central reverse proxy solution not related to Windchill.
The goal: client makes a request to the central reverse proxy, enter their login details, reverse proxy authenticates & re-directs them to the internal based Windchill solution.
How is the authentication configured in you reverse proxy? Is it form based or basic authentication?
Is your shared reverse proxy an instance of Apache?
If it's apache, you don't need Windchill Apache, you can use mod_jk in reverse proxy and go directly to the embedded tomcat on Windchill server. However assuming that you are implementing reverse proxy for public access, how are you planning local user's access? You can have a split DNS configuration and point internal users directly to Apache on Windchill server
If it's Apache, another option is to to use mod_proxy_http, to proxy the authenticated users to Windchill server. You don't need REMOTE_USER, instead, use proxy_chain_auth to pass the authentication to Windchill server.
Hi Binesh, thanks for responding.
They are using a HTML form to authenticate the user login and password. the reverse proxy is not apache based.
How do i pass an authenticated user to the tomcat instance? What configurations are invovled here?