
Enterprise LDAP - Microsoft Azure AD


PTC has well-documented Tech Support Articles on how to integrate Windchill with an on-premise Microsoft Active Directory Server: what needs to change in the Apache Auth Files, the command to update Apache, Site.xconf, the Windchill JNDI Adapter, and what values are needed.


I am investigating, researching and eventually documenting the procedure to use a common Web Based AD. It's my education for the summer.


But I do not see any coordinated Document for connecting to a Web Based Active Directory.  

Q: Is it the same? (Assuming we are going to use LDAPS and Port 636, to encrypt passwords.) Would anyone be willing to send documentation if they have done so? Or just explain if it is no different and you set it up the same as Microsoft ADS.



Understanding SSO (Single Sign-On) with a CAD to Microsoft Azure being the Identity Provider to the CAS (Authorization Server) as different, but the articles from PTC focus on ThingWorx integration, not Windchill integration... more as for ThingWorx it was a requirement.

In that case, again the Apache/Windchill changes are not defined in an article. Or again, is it the same as a normal AD Integration, just with the URL pointing to the CAS (Ping Federation)?


Any assistance appreciated.



Re: Enterprise LDAP - Microsoft Azure AD

We have decided on Shibboleth as the Windchill Service Provider and Microsoft Azure as the Identity Provider.

System is Linux.


The PTC Help is fairly generic.

Would anyone be willing to send me their Configuration Files so I can see what a proper configuration looks like?

Specifically entries for:




Brian Sullivan

[email address removed for privacy]





Re: Enterprise LDAP - Microsoft Azure AD -SSO -Shibboleth

We were able to configure the Windchill/Shibboleth Service Provider to the Azure Identity Provider.


Fundamental Issue:

Once SSO is configured using the PTC Help instructions, there does not seem to be a method to connect without SSO for WindchillDS users. For example: the Site Administrator or CAD Worker user.


Has anyone changed Apache to allow access as Admin?


In general, it appears all users, including Application Administration accounts, would need to be in the Identity Provider.

I have talked to a larger customer who uses a Windchill Cluster; in their case they keep one node configured OOTB for Administrators, and the other nodes are in the Load Balancer with End Users configured for SSO.

