Skip to main content
B
BryanK16-Pearl
16-Pearl
July 31, 2024
Question

Form-based Authentication or Auto "logoff" after 10 minutes

  • July 31, 2024
  • 2 replies
  • 3115 views

Version: Windchill 12.1

 

Use Case: Need the Browser / Windchill to log out the user after about 10 minutes. Need a well documented example to setup FBA using Windchill tomcat.


Description:

I'm trying to find a way to log a user out after 10 minutes. (this time could / should be changeable) 

From my investigations / understanding You can enable Form-based Authentication and then you can change the servlet session timeout of 30 minutes is set in <Windchill>/codebase/WEB-INF/web.xml

Changing that alone does not work. So I assume that you need to enable forms based auth.

I have been through countless support articles on using Form-based Authentication. I have also read through the helpfiles and I'm lost. 

I'm trying to use windchill tomcat to do the FBA

I have set the wt.properties like this.

 

wt.auth.form.enabled=true
wt.auth.form.submitUrl=https\://MYWINDCHILL.com/Windchill/login/login.jsp
wt.auth.form.loginMarker=<form method="POST" action="j_security_check" id="login">

wt.logout.url=https\://MYWINDCHILL..com/Windchill/login/login.jsp

 

I get the following

BryanK_0-1722402097084.png

And then I get the following

BryanK_1-1722402136144.png

Does anyone have a working example, as the ptc help files are too vague for me.

Any help would be appreciated. 

Bryan

 

 

2 replies

Marco Tosin
21-Topaz I
Marco Tosin21-Topaz I
21-Topaz I
July 31, 2024

This is a workaround

 

Is it possible to log users out automatically after a period of inactivity in Windchill PDMLink

 

 

Marco
B
BryanK16-PearlAuthor
16-Pearl
July 31, 2024

Hi Marco,

I have tried that nothing happens..

I have also tried this one (another PTC kb )

<Property name="wt.session.sessionUsers.timeout" overridable="true" targetFile="codebase/wt.properties" value="5"/>

and this one

https://www.ptc.com/en/support/article/CS74864

 

Still no joy. 

 

Marco Tosin
21-Topaz I
Marco Tosin21-Topaz I
21-Topaz I
August 1, 2024

I wouldn't know what else to suggest.

 

The session timeout is governed by what is written in the two articles and in my case it works correctly with the default setting at 30 minutes.

 

In fact, some users save, even though they shouldn't for security reasons, credentials from the browser so that they automatically authenticate when the 30 minutes set in Tomcat expires.

 

Marco
    R
    rleir17-Peridot
    17-Peridot
    August 1, 2024

    More discussion here:

    https://community.ptc.com/t5/Windchill/How-to-logout-of-Windchill/td-p/373052

     

    B
    BryanK16-PearlAuthor
    16-Pearl
    August 1, 2024

    Hi,

    Thanks I have already read through that thread, which was very informative. I even like some of the work arounds.

    I get that OOTB there is no "auto-logout" functionality and I'm happy to accept this. What I'm to do is get windchill to work with forms-based authentication so that "hopefully" the tomcat session will force the logon page after the time-out. 

     

    What I cant find is some documentation or example that I can start testing with using the OOTB Windchill/login/login.jsp. 

    Or I'm just not reading the documentation correctly.

    Hope this makes sense.

     

    Cheers

    B
    BryanK16-PearlAuthor
    16-Pearl
    November 5, 2024

    After being asked to accept one of these as a solution. I cant so I'm posting this.....

    It seems there is no solution. 

    Terms & ConditionsCookie settingsAccessibility statement