PTC has a well documented (Tech Support Articles) on how to integrate Windchill with an on-premise Microsoft Active Directory Server. What needs to Change in Apach Auth Files, Command to update Apache, Site.xconf, Windchill JNDI Adapter. What Values are needed.
I am investigating, researching and eventually documenting the procedure to use a common Web Based AD. Its my education for the summer.
But I do not see any coordinated Document for connecting to a Web Based Active Directory.
Q: Is it the Same? (Assuming going to use LDAPS and Port 636, to Encrypt Passwords) Would anyone be willing to send documentation if they have done so? Or just explain if it is no different and you set up same as Microsoft ADS.
Understanding SSO (Single Sign on) with a CAD to Microsoft Azure being the Identity Provider to the CAS(Authroization Server); as different but the Articles from PTC focus on ThingWorks integration not Windchill Integration... more as ThingWorks it was a requirement.
In that case, again the Apache/Windchill changes are not defined in an article. Or again is it the same as a normal AD Integration just URL is to the CAS (Ping Federation)
Any Assistance appreciated: firstname.lastname@example.org
We have decided on Shibboleth as the Windchill Service Provider and Microsoft Azure as the Identity Provider.
System is Linux.
The PTC Help is fairly generic.
Would anyone be willing to send me their Configuration Files so I can see what a proper configuration looks like?
Specifically entries for:
[email address removed for privacy]
We were able to Configure Windchill/Shibboleth Service Provider to Azure Identity Provider.
Once SSO is configured using the PTC Help Instructions, there does not seem to be a method to connect without SSO for WIndchillDS Users. For Example: The Site Administrator or CAD Worker user.
Has Anyone changed Apache to allow Access as Admin?
In general appears all users including Application Administration accounts would need to be in the Identity Provider.
Have talked to Larger Customer who uses a Windchill Cluster, in their case they keep one Node configured OOTB for Administrators and the Other Nodes are in Load Balancer and End Users configured for SSO.
We are planning to implement the Azure LDAP with Windchill as well. As you mentioned we also usually have a local apache running for cluster which can still have the wcadmin/DS users perform their administrative tasks.
If you do have any recommendations for implementation/documentation would help us a lot.