cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

Mapping attributes for SSO with Azure and Shibboleth

Go to solution
ZahyMatar
6-Contributor
6-Contributor
‎Feb 23, 2023 01:05 PM
‎Feb 23, 2023 01:05 PM

Mapping attributes for SSO with Azure and Shibboleth

Hey everyone, 

 

We are in the final stages of our SSO configuration for Windchill. We get prompted with the Microsoft sign-in, but it ends up searching for the user's email attribute in Windchill rather than their first.last (our current setup for user accounts in Windchill).


We have tried mapping the attributes to no avail. We are also required to delete everything in the address bar after */Windchill in order to get it to load. I end up with a "URL not found" error. 

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
BrianSullivan
10-Marble
10-Marble
(To:ZahyMatar)
‎Mar 14, 2023 01:30 PM
‎Mar 14, 2023 01:30 PM

Hello Zahy,

 

The Mapping is on the MS Azure Side.

 

PTC Support Technique is mapping the Claim/Name in MS Azure to the ID in Windchill.

1. Default is Email Address

2. PTC Literature shows you can change Claim/Name change from user.principalname to user.onpremisessamaccountname

which would map your O.S. Log In Syntax.

 

Talk with you MS Azure expert on whether there is a different value that they have in MS Azure that is equivalent to firstname.lastname.

 

Brian 

View solution in original post

0 Kudos
Notify Moderator
2 REPLIES 2
jbailey
17-Peridot
17-Peridot
(To:ZahyMatar)
‎Mar 09, 2023 10:25 AM
‎Mar 09, 2023 10:25 AM

Might need some more context here. Version of Windchill? Have you tried SAMLTracer to see what is being returned in an assertion?

0 Kudos
Notify Moderator
BrianSullivan
10-Marble
10-Marble
(To:ZahyMatar)
‎Mar 14, 2023 01:30 PM
‎Mar 14, 2023 01:30 PM

Hello Zahy,

 

The Mapping is on the MS Azure Side.

 

PTC Support Technique is mapping the Claim/Name in MS Azure to the ID in Windchill.

1. Default is Email Address

2. PTC Literature shows you can change Claim/Name change from user.principalname to user.onpremisessamaccountname

which would map your O.S. Log In Syntax.

 

Talk with you MS Azure expert on whether there is a different value that they have in MS Azure that is equivalent to firstname.lastname.

 

Brian 

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags