We have a windchill 80 M040 system with Apache and Tomcat.Recently I have integrated it with our corporate active directory.
It works great but it still pops up the authentication window for us to enter the NT credentials.
This is causing annoyance because, to users are on intranet because it is no different from the early scenario(windchill LDAP) .Our browser is to set to “Automatic logon with current username and password”.
Does anybody know of the setting to prevent this authentication window to appear and take the NT credentials automatically from the browser.
Any help or pointers are appreciated.Thanks in advance.
Your user can now save their password in browser like chrome. With that there are no frequent popups.
If this is not helping you please try SSO.
Are users constantly closing their browser session? I've seen no change in login behavior in Windchill between WindchillDS and Active Directory. Users are prompted for their credentials the first time they access Windchill, and then never again as long as they don't completely exit that particular browser. Saving the username and password in the browser is certainly handy for a fresh login, but it has no impact on continual usage (as long as the browser stays running.) The browser itself automatically caches the current credentials and passes them back to Windchill with every single action taken on every single web page (regardless of whether or not the browser has been instructed to 'save' the credentials.) If this is not happening, then there is a problem with how your web browser (or possibly Windchill) is configured. Active Directory integration by itself does not cause this...
Are you looking to remove prompt for password entirely? Or are you seeing people get reauthenticated periodically when they have already logged in? To my knowledge, saving the credentials in browser does not remove the prompt but rather fills in the values for you. Are you looking to have windows creds passed from the OS to the browser?
We had for a time 2FA with DUO and AD. There was a cache timeout value we had to adjust which allowed the browser to cache the creds for 12 hours without pinging back to Duo proxy. If the provided creds from user match the cache, it does not check back with AD at all, stops at the webserver. We are currently back to simple AD authentication which does mean a login for Creo View and Browser but at least its their windows creds.