cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Need help navigating or using the PTC Community? Contact the community team. X

Windchill Authentication to LDAP Proxy for 2FA

avillanueva
22-Sapphire II

Windchill Authentication to LDAP Proxy for 2FA

I am not an expert in Apache configuration but I've been in the tool enough to know the basic plumbing.  We are looking to use a new LDAP proxy for two factor authentication. This proxy checks both AD and a DUO server when a user logs in. Both keys are provided by the users. What I am being told is that the Apache server is checking LDAP every time each URL or request is clicked. We are using basic authentication.  

 

They had expected the webserver to only ask once on creation of the session for credentials but cache those and not check again.  I am 100% sure that Apache is hitting back to the LDAP proxy each url click.  This means when the pin code for 2FA expires after a few mins, the authentication fails and the user gets prompted for login.  This is not experience when using just AD authentication. Is there a setting that is not default with Windchill's Apache configuration that tells it to not contact AD again when it already received a thumbs up from the LDAP server previously? Some type of LDAP caching?  Checking additions.conf, it would appear so but what am I missing?

0 REPLIES 0
Announcements


Top Tags