We want to have a second-level authentication (RSA) for a group of users.
Once the user inserts a username and password, they get authenticated against LDAP.
Now, at this point, we will check LDAP groups of the user.
If the user belongs to certain groups, we will ask the user to insert RSA credentials.
After this second authentication, Windchill will get launched.
If the user is not in those particular LDAP groups, Windchill will get launched without RSA authentication.
The help we need is: how can we plug in all these new mechanisms?
I have created a servlet which accepts the username as input and does the remaining things.
But where can we put it in the configuration (in between the OOTB login and launch)?
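
The flow described in the post above (LDAP login, group check, RSA prompt only for certain groups), written as a standard `javax.servlet` filter. This is an added example, not code from the thread or from the vendor; the group DN, challenge path, session key and the `groupsOf` hook are hypothetical, and how such a filter is registered in Windchill is not covered on this page and is not assumed here.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Step-up gate: runs after the container's LDAP login, before the application. */
public abstract class RsaStepUpFilter implements Filter {
    // Constructed values: group DN, challenge path and session key are placeholders.
    static final Set<String> RSA_GROUPS =
            Collections.singleton("cn=rsa-required,ou=groups,dc=example,dc=com");
    static final String CHALLENGE_PATH = "/rsaChallenge";
    static final String VERIFIED_USER = "stepup.verifiedUser";

    /** Hypothetical hook: return the LDAP group DNs of the user (e.g. via JNDI). */
    protected abstract Set<String> groupsOf(String user) throws IOException;

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser();   // set by the first-factor (LDAP) login
        if (user == null) {                  // no first factor: refuse, do not start step-up
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (CHALLENGE_PATH.equals(req.getServletPath())) {
            chain.doFilter(rq, rs);          // the challenge servlet itself must stay reachable
            return;
        }
        Set<String> groups;
        try {
            groups = groupsOf(user);
        } catch (IOException e) {            // fail closed if the directory cannot be queried
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        boolean needsRsa = !Collections.disjoint(groups, RSA_GROUPS);
        // The flag stores the user name, so it is only honoured for that same user.
        Object verified = req.getSession(true).getAttribute(VERIFIED_USER);
        if (needsRsa && !user.equals(verified)) {
            res.sendRedirect(req.getContextPath() + CHALLENGE_PATH);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

The challenge servlet should take the user from `getRemoteUser()` rather than from a request parameter, and set `VERIFIED_USER` only after the RSA check succeeds.
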
Interesting, I was about to start a discussion on this. We are on a similar path with our Windchill system and have a prototype working in our development environment.
First of all, customizing Windchill to achieve this is a costly affair to design, develop and maintain. You can do only so much with basic authentication, and to have better flexibility you will have to switch to a form-based authentication. I am not sure how many of these authentication servlets are supported for customization. Needless to say, you are on your own for any upgrades or updates.
Could you share a few details about the SSO/ADC solution that you talked about as option 1?
We can connect offline as well if you want.