Windchill SSO (OpenID Connect) with PingFederate as AS
We have configured the SSO (PingFederate) solution with Windchill PDMLink 11.1 using OpenID Connect protocol (OIDC). We have enabled it at Apache (version 2.4) level by protecting all the resources with the mod_auth_oidc module on RHEL7 server.
All works fine, we have succeeded to login to Windchill application, DTI, and CAD tools with SSO but we are not able to call Web Services REST (OData and customized endpoints) and SOAP (Info*Engine) as before with basic authentication. We tried also to call the Web Services APIs with an access_token following the OpenID Connect flows (like client_credentials and password) but it did not work, the response is always the SSO authentication web page that means the user interaction is required for this process.
Another point, how to allow administrators users (like wcadmin) to access Windchill without SSO?
Does anyone accomplished this before or have any suggestions to solve those problems?