Anybody out there managed to do the integration? If so anyone willing to share their experiences.
In particular around the # in the url.
# in the URL is also called URL Fragments.
The fragments functions differently than the rest of the URL: namely, its processing is exclusively client-side with no participation from the web. When an agent (such as a Web browser) requests a web resource from a Web server, the agent sends the URL to the server, but does not send the fragment. Instead, the agent waits for the server to send the resource, and then the agent processes the resource according to the document type and fragment value.
However, in case of SSO there are multiple redirection happening at SP, Ping and IdP, so the fragments by their nature are not sent in the initial requests and thus after the authentication when the URL comes back to SP like Windchill, it only have the URL before the fragment, which usually redirects to the
Windchill Home Page.
By adding %23 the URL converts from fragment to an absolute encoded URL and is sent as is in the initial request and thus finally it redirects to the page where we started with.
For time being as there are below options:
We have same issue and attempted solutions as mentioned in second bullet by URL rewrite. But it does not work at Apache level as Anchor part is not sent to server. Arpit/all could you please provide some more information about the customization mentioned in first bullet. Is this customization of extra landing page done at the IDP (Okta) side?
If not is it done at SP side and how?
We don't have instructions to do this customization. However this needs to be done on Windchill, where it encodes the # before it redirects the URLs.
Please note that officially PTC does not support any of those workarounds mentioned there.