
Form-based Authentication or Auto "logoff" after 10 minutes

BryanK
16-Pearl


Version: Windchill 12.1

 

Use Case: Need the Browser / Windchill to log out the user after about 10 minutes. Need a well-documented example to set up FBA using Windchill Tomcat.


Description:

I'm trying to find a way to log a user out after 10 minutes. (this time could / should be changeable) 

From my investigations / understanding, you can enable Form-based Authentication and then change the servlet session timeout of 30 minutes, which is set in <Windchill>/codebase/WEB-INF/web.xml.

Changing that alone does not work. So I assume that you need to enable forms-based auth.

I have been through countless support articles on using Form-based Authentication. I have also read through the help files and I'm lost.

I'm trying to use Windchill Tomcat to do the FBA.

I have set the wt.properties like this.

 

wt.auth.form.enabled=true
wt.auth.form.submitUrl=https\://MYWINDCHILL.com/Windchill/login/login.jsp
wt.auth.form.loginMarker=<form method="POST" action="j_security_check" id="login">

wt.logout.url=https\://MYWINDCHILL..com/Windchill/login/login.jsp

 

I get the following:

[Screenshot: BryanK_0-1722402097084.png]

And then I get the following:

[Screenshot: BryanK_1-1722402136144.png]

Does anyone have a working example, as the PTC help files are too vague for me?

Any help would be appreciated. 

Bryan

 

 

11 REPLIES

Hi Marco,

I have tried that; nothing happens.

I have also tried this one (another PTC KB):

<Property name="wt.session.sessionUsers.timeout" overridable="true" targetFile="codebase/wt.properties" value="5"/>

and this one

https://www.ptc.com/en/support/article/CS74864

 

Still no joy. 

 

I wouldn't know what else to suggest.

 

The session timeout is governed by what is written in the two articles and in my case it works correctly with the default setting at 30 minutes.

 

In fact, some users save, even though they shouldn't for security reasons, credentials from the browser so that they automatically authenticate when the 30 minutes set in Tomcat expires.

 

Marco
rleir
17-Peridot
(To:BryanK)

BryanK
16-Pearl
(To:rleir)

Hi,

Thanks, I have already read through that thread, which was very informative. I even like some of the workarounds.

I get that OOTB there is no "auto-logout" functionality and I'm happy to accept this. What I'm to do is get Windchill to work with forms-based authentication so that "hopefully" the Tomcat session will force the logon page after the time-out.

 

What I can't find is some documentation or example that I can start testing with using the OOTB Windchill/login/login.jsp.

Or I'm just not reading the documentation correctly.

Hope this makes sense.

 

Cheers

BryanK
16-Pearl
(To:BryanK)

After being asked to accept one of these as a solution, I can't, so I'm posting this...

It seems there is no solution. 

Hi Bryan,

I could see that "logging out" a user has not been figured out yet by you.

Do you have any business requirement to log out a user? I could not fully understand the reason you want to do that.

Any Licensing reasons?

 

I have never come across any customer asking this. They will usually ask in training and then during go live, they could understand that Windchill is always on for them and get information on the tap.

 

Not sure if my comments help you, just stating my experience.

 

Cheers

Hari

Hi,

Thanks for the response.

We have a client that is using Windchill in the pharma industry.

They say that there is a requirement for the user to be auto logged out.
It could be this. I can ask for the actual requirement if necessary.

("Under the HIPAA Security Rule, covered entities (CEs) and business associates (BAs) are required to implement appropriate technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). The Security Rule technical safeguards contain a series of standards whose requirements CEs and BAs must meet.")

 

So that's where the root of my question came from.

I realize that there are probably add-on solutions, but I was hoping that PTC had something built in (which the documentation sort of alludes to in a vague sort of way).

Which was why I was asking if anyone had a working example.

Thanks.

 

 

avillanueva
22-Sapphire II
(To:BryanK)

Have you explored solutions outside Windchill? What basically needs to happen is the session needs to be inactivated which would force the user to re-login. Are you looking to have the page automatically redirect the user to a login page or somewhere else indicating that they have been logged out, sort of like how my bank does? I might suggest you look here: https://stackoverflow.com/questions/45331369/countdown-timer-to-logout-of-application

These would be solutions outside of Windchill but you can make customizations to a main page like the main header page or something common to all parts of the UI. Anything with JavaScript or JSP would work.
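The client-side idle timer suggested in the post above, sketched as an added example; it is not part of the original thread and is not PTC or Windchill code. The function names, the storage key and `LOGOUT_URL` are assumptions, and the browser timer only triggers the redirect: the logout URL must invalidate the server-side session, and the servlet session timeout remains the control that actually enforces the limit.

```javascript
// Added example (hypothetical names). Idle time is computed from timestamps,
// not counted in timer ticks, so throttled background tabs and laptop sleep
// cannot stretch the limit. The last-activity time lives in shared storage so
// an idle tab does not log out a user who is active in another tab.
const IDLE_KEY = "idleLogout.lastActivity";   // assumed storage key
const LOGOUT_URL = "/logout-placeholder";     // placeholder: must end the server session

function createIdleWatcher({ limitMs, warnMs, now, store, onWarn, onExpire }) {
  let state = "active";
  let lastWrite = now();
  store.setItem(IDLE_KEY, String(lastWrite));
  return {
    // Call on user input; writes are throttled to one per second.
    activity() {
      const t = now();
      if (state === "expired" || t - lastWrite < 1000) return;
      store.setItem(IDLE_KEY, String(t));
      lastWrite = t;
      state = "active";
    },
    // Call periodically; returns "active", "warning" or "expired".
    tick() {
      if (state === "expired") return state;
      const idle = now() - Number(store.getItem(IDLE_KEY));
      if (idle >= limitMs) {
        state = "expired";
        onExpire();
      } else if (idle >= limitMs - warnMs) {
        if (state !== "warning") { state = "warning"; onWarn(limitMs - idle); }
      } else {
        state = "active";   // activity seen here or in another tab
      }
      return state;
    },
  };
}

// Browser wiring for a page shared by the whole UI (for example a common header).
function installIdleLogout(win, logoutUrl, limitMs) {
  const watcher = createIdleWatcher({
    limitMs, warnMs: 60 * 1000, now: Date.now, store: win.localStorage,
    onWarn: (leftMs) => console.warn(`Logging out in ${Math.round(leftMs / 1000)} s`),
    onExpire: () => win.location.assign(logoutUrl),
  });
  for (const ev of ["mousemove", "keydown", "pointerdown", "scroll"]) {
    win.addEventListener(ev, watcher.activity, { passive: true });
  }
  win.setInterval(watcher.tick, 5000);
  return watcher;
}
// In the shared page: installIdleLogout(window, LOGOUT_URL, 10 * 60 * 1000);
```
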

Thanks, if needed we will need to look at something like this. 

I will revisit this topic if it becomes a priority for our client.

rleir
17-Peridot
(To:BryanK)

"requirement for the user to be auto logged out. "  -- that implies a timeout after which the UI no longer responds. You could set the Windows screen saver to 10 minutes, and say that makes the UI unresponsive?
