cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

Switch wcadmin role to user account with Windchill Shell

ThreeBlindMice
13-Aquamarine

Switch wcadmin role to user account with Windchill Shell

Version: Windchill 12.1

 

Use Case: We recently configured our Windchill to use SSO on our development server. One thing I overlooked was giving my user ID admin privileges, because we were so used to just logging in as the wcadmin in the browser to do our admin stuff. Now we don't have a way to login as wcadmin, I am looking for a way to give my user ID admin privileges, possibly through the windchill shell?


Description:

I tried just disabling Shibboleth, our SAML service provider, but the configuration runs too deep in our windchill install to get the web page up and running.

ACCEPTED SOLUTION

Accepted Solutions
ThreeBlindMice
13-Aquamarine
(To:Fadel)

Appreciate the video Fede, but I still had errors when performing the windchill shell commands. 

 

I found Article - CS349937 - How to enable basic authentication for rest endpoints while Windchill is configured with SSO depending on the client which is accessing Windchill which ended up being an easy way to disable SSO for a specific browser, logging in as wcadmin, and adding myself to the admin list.

View solution in original post

4 REPLIES 4
Fadel
22-Sapphire II
(To:ThreeBlindMice)

Hi , 

 

If I undestood correctly you wan to assign your user ID to the Site Administrators groups via Shell ? 

If this is the case we can load XML file to assign a user to a group ,the hook is that commands needs a Site Admin credentials.

windchill wt.load.LoadFromFile -d <path to xml> -u <username> -p <password> 

 

<?xml version="1.0"  encoding="UTF-8"?>
<!DOCTYPE NmLoader SYSTEM "standardX20.dtd">
<NmLoader>
        <csvUserGroup handler="wt.load.LoadUser.createUserGroup">
                <csvuser></csvuser>
                <csvgroupName>Administrators</csvgroupName>
                <csvuserName>test_user</csvuserName>
        </csvUserGroup>
</NmLoader>

 

 

Fede
ThreeBlindMice
13-Aquamarine
(To:Fadel)

Thanks for the reply Fede.  I am getting the following error in the shell when I try to load that xml:

 

The operation: "getPrincipal" failed.
Nested exception is: wt.util.WTRemoteException: Unable to invoke remote method
Nested exception is: wt.method.AuthenticationException

 

Is my user ID that I want added to the wcadmin group supposed to go where "test_user" is?

What about the csvuser variable?

 

I did find article Article - CS355355 - We want some generic users (for example wcadmin) to login to Windchill from Creo Parametric with Basic Authentication (instead of SSO)  so I will try this later today

Fadel
22-Sapphire II
(To:ThreeBlindMice)

Hi ,

 

yes you are right it is user name , see demo video attached 

 

The error you are having is due to SSO , the command should be changed like : 

windchill --javaargs="-Dwt.auth.trustedAuth.username=wcadmin"  wt.load.....

 

same logic as in https://www.ptc.com/en/support/article/CS393224 

 

BR,

Fadel

Fede
ThreeBlindMice
13-Aquamarine
(To:Fadel)

Appreciate the video Fede, but I still had errors when performing the windchill shell commands. 

 

I found Article - CS349937 - How to enable basic authentication for rest endpoints while Windchill is configured with SSO depending on the client which is accessing Windchill which ended up being an easy way to disable SSO for a specific browser, logging in as wcadmin, and adding myself to the admin list.

Announcements


Top Tags