cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

Single Sign on Implementation on windchill

SModugu
12-Amethyst
12-Amethyst
‎Jun 07, 2023 01:32 AM
‎Jun 07, 2023 01:32 AM

Single Sign on Implementation on windchill

Hi @HelesicPetr  @avillanueva @BenLoosli  and everyone,

 

 

what are the general high level steps involved in implementing the SSO on windchill PDMlink?

PS: identity provider in our company is LDAP AD and CAS is Pingfederate which is already being configured.

Labels:
0 Kudos
Notify Moderator
7 REPLIES 7
HelesicPetr
22-Sapphire I
22-Sapphire I
(To:SModugu)
‎Jun 07, 2023 07:03 AM
‎Jun 07, 2023 07:03 AM

Hi @SModugu 

I would say you need to study how to set a apache web server to allow the connection to windchill.

I have experience with a IBM WebSEAL. The WebSEAL cares about sso and all http communication goes throw the WebSEAL to an Apache. 

Apache is just set to allow the users from webseal autologin to the Windchill. 

sure the Windchill alias web address is set that WebSEAL works as a proxy server

PetrH

AVENG
0 Kudos
Notify Moderator
shussaini
16-Pearl
16-Pearl
(To:SModugu)
‎Jun 07, 2023 08:58 AM
‎Jun 07, 2023 08:58 AM

You can check the PTC IAM documentation.

 

Hope this helps.

 

regards

~Syed

0 Kudos
Notify Moderator
jbailey
17-Peridot
17-Peridot
(To:SModugu)
‎Jun 07, 2023 11:16 AM
‎Jun 07, 2023 11:16 AM

So when you say SSO, do you mean not having to directly log in (use credentials stored) ? or do you want to do SAML authentication?

0 Kudos
Notify Moderator
SModugu
12-Amethyst
12-Amethyst
(To:jbailey)
‎Jun 08, 2023 06:44 AM
‎Jun 08, 2023 06:44 AM

I want to configure SSO to work with Windchill with an SAML authentication protocols.

0 Kudos
Notify Moderator
HelesicPetr
22-Sapphire I
22-Sapphire I
(To:SModugu)
‎Jun 08, 2023 06:56 AM
‎Jun 08, 2023 06:56 AM

Hi @SModugu 

Following link can be helpful. https://cxf.apache.org/docs/saml-web-sso.html#SAMLWebSSO-Introduction

 

PetrH

AVENG
0 Kudos
Notify Moderator
ADAMBESAW
4-Participant
4-Participant
(To:jbailey)
‎Aug 28, 2023 02:47 PM
‎Aug 28, 2023 02:47 PM

How to directly log in to Windchill without having to click the OK button with user and passwords remembered?

0 Kudos
Notify Moderator
jbailey
17-Peridot
17-Peridot
(To:SModugu)
‎Jun 07, 2023 11:30 AM
‎Jun 07, 2023 11:30 AM

If you are talking about SAML authentication using Ping as the IdP, the steps are relatively straight forward.

  • Configure Data Store Connection to AD in Ping
  • Create authentication policy / authenticators in Ping
  • Configure SP connection in Ping
  • Install SP on Windchill Server (PTC recommended is Shibboleth)
  • Configure Apache for Shibboleth 
  • Configure Windchill for protocol auth only
  • If you use Desktop integration, configure msoi files to use WIZARD as the authentication type

Note, if your user attribute in the infoengine connection is something other than UID (ie sAMAccountName) AND you are using electronic signatures, modify codebase\reauthsecure\SSOReauthentication.jsp to get the right variable from the header.

 

Also, use SAML tracer for troubleshooting... it is an INVALUABLE aid to SAML debugging

Notify Moderator
Top Tags