Solved: Unable to set up Form Based Authentication

tarik.wifak.p · ‎Nov 07, 2024

Version: Windchill 13.0

Use Case: Switch from basic authentication in OOTB Windchill to form-based authentication following Help center instructions: https://support.ptc.com/help/windchill/r13.0.2.0/en/Windchill_Help_Center/WCAdvDeployGuide/WCAdvDepAuth_ConfigAltAuth_FormBasedAuth.html#

Description:

Hello,

First of all, when following the help center instructions, we couldn't found the resource without attribute in

<Windchill>/apacheConf/config/authResAdditions.xml file.

2- Where to put the configuration to let Tomcat knows that the app is configured with form-based, because it's not described in the help center page

3- The application url context does not redirect to the new form, it shows the following error:

ERROR : org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/Windchill].[MVCDispatcher]  - Servlet.service() for servlet [MVCDispatcher] in context with path [/Windchill] threw exception [wt.method.AuthenticationException] with root cause wt.method.AuthenticationException
        at wt.session.SessionAuthenticator.reauthenticateUser(SessionAuthenticator.java:251)
        at wt.session.SessionAuthenticator.getUserName(SessionAuthenticator.java:157)
        at wt.auth.AuthenticationServer.getUserName(AuthenticationServer.java:170)
        at wt.session.StandardSessionManager.getAuthenticationName(StandardSessionManager.java:500)
        at wt.session.StandardSessionManager.getPrincipal(StandardSessionManager.java:165)

The form is only displayed when requesting explicitly its URL: http://hostname/Windchill/login/login.jsp

But after put the wcadmin credentials, it shows the following error:

Any help please!

@gdavid

best regards,

gdavid · ‎Nov 25, 2024

We finally found the issue in our case.

First of all, there is an ant command that execute all the configuration of FBA in a Windchill OOTB environment (to be executed in <tomcat>/configAuth :

ant -f authConfig.xml enable

This command update windchill properties and tomcat for a basic FBA.

In our case we detected that the realm was not well configured by this command and I added it manually in the tomcat server.xml and server.xml.default files.

After, it worked.

View solution in original post

BryanK · ‎Nov 07, 2024

Hi,

Have a look at this thread.

https://community.ptc.com/t5/Windchill/Form-based-Authentication-or-Auto-quot-logoff-quot-after-10/m-p/964306#M81538

It may not solve your problem but it has lots of usefull info.

Cheers,

Bryan

gdavid · ‎Nov 12, 2024

Hello,

Thanks for you reply.

We checked this thread but it does not answer to our questions.

The goal is to configured the FBA in a standard Windchill PDMLink and it seems that we were unable to configure correctly the j_security_check mecanisum as in the topic you noticed.

After following the PTC documentation error page is always displayed (with HTTP code 200) and no logs from TOMCAT are generated:

It seems that we missed a configuration.

gdavid · ‎Nov 25, 2024

We finally found the issue in our case.

First of all, there is an ant command that execute all the configuration of FBA in a Windchill OOTB environment (to be executed in <tomcat>/configAuth :

ant -f authConfig.xml enable

This command update windchill properties and tomcat for a basic FBA.

In our case we detected that the realm was not well configured by this command and I added it manually in the tomcat server.xml and server.xml.default files.

After, it worked.