Hi @HelesicPetr @avillanueva @BenLoosli and everyone,
What are the general high-level steps involved in implementing SSO on Windchill PDMLink?
PS: The identity provider in our company is LDAP AD and the CAS is PingFederate, which is already being configured.
Hi @SModugu
I would say you need to study how to set up an Apache web server to allow the connection to Windchill.
I have experience with IBM WebSEAL. WebSEAL takes care of SSO, and all HTTP communication goes through WebSEAL to an Apache.
Apache is just set to allow the users from WebSEAL to autologin to Windchill.
Sure, the Windchill alias web address is set so that WebSEAL works as a proxy server.
PetrH
So when you say SSO, do you mean not having to directly log in (use credentials stored), or do you want to do SAML authentication?
I want to configure SSO to work with Windchill with the SAML authentication protocol.
Hi @SModugu
The following link can be helpful: https://cxf.apache.org/docs/saml-web-sso.html#SAMLWebSSO-Introduction
PetrH
How to directly log in to Windchill without having to click the OK button with user and passwords remembered?
If you are talking about SAML authentication using Ping as the IdP, the steps are relatively straightforward.
Note, if your user attribute in the infoengine connection is something other than UID (i.e. sAMAccountName) AND you are using electronic signatures, modify codebase\reauthsecure\SSOReauthentication.jsp to get the right variable from the header.
Also, use SAML tracer for troubleshooting... it is an INVALUABLE aid to SAML debugging.