cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

OKTA SSO and Windchill

OKTA SSO and Windchill

HI

Anybody out there managed to do the integration? If so anyone willing to share their experiences.

 

In particular around the # in the url.

 

Herman

1 REPLY 1

Re: OKTA SSO and Windchill

# in the URL is also called URL Fragments. 

 

The fragments functions differently than the rest of the URL: namely, its processing is exclusively client-side with no participation from the web. When an agent (such as a Web browser) requests a web resource from a Web server, the agent sends the URL to the server, but does not send the fragment. Instead, the agent waits for the server to send the resource, and then the agent processes the resource according to the document type and fragment value.

However, in case of SSO there are multiple redirection happening at SP, Ping and IdP, so the fragments by their nature are not sent in the initial requests and thus after the authentication when the URL comes back to SP like Windchill, it only have the URL before the fragment, which usually redirects to the
Windchill Home Page.

 

By adding %23 the URL converts from fragment to an absolute encoded URL and is sent as is in the initial request and thus finally it redirects to the page where we started with.

 

For time being as there are below options:

  • Worked around the issue by performing some customization to redirect Windchill accessing request to the landing page before authentication. On that landing page use javascript to convert '#' to '%23'. Then user should click 'OK' button to perform authentication via Shibboleth SP and other SSO components.
  • May be its possible through URL Rewrite, but this will need extensive testing.
Announcements
LiveWorx Call For Papers Happening Now!