We've set up SSO in Windchill with Shibboleth. This works fine. But now we want to log in with a local user (like wcadmin) and don't know how to do this. We always get redirected to the Shibboleth and Microsoft page. Does anyone know how to achieve this?
There is another option with a similar configuration that I am testing now:
https://www.ptc.com/en/support/article/CS372501?source=search
This has you hit a special page first.
Hi!
The article that you're referring to has been hidden from public view. Do you have access to it, or can divulge its contents or proposed method?
You need to have a valid PTC Tech Support account to see those.
Nope, actually hidden. PTC occasionally hides articles for various reasons. If the article is valid and relevant to SSO configuration, please log a PTC support call asking for it to be made public again.
Our VAR was denied access as well. Has access been rescinded, or hasn't the article been revealed to the public just yet?
My bad. Never knew they did this. Wonder why? I do not want to misquote what it said, but we ended up not using it. It caused issues with ThingWorx. We ended up using the protocolAuth method:
https://www.ptc.com/en/support/article/CS381855?source=search
Thanks! Then I'll use no more effort on it.
Perhaps it was withdrawn for the same reason you ended up not using it.
This is what I used for mine:
<LocationMatch ^/+Windchill/+protocolAuth(;.*)?>
    AuthName "Windchill"
    AuthType Basic
    AuthBasicProvider 1-Windchill-EnterpriseLdap
    Require valid-user
</LocationMatch>
<Location /basicLogin.html>
    AuthName "Windchill"
    AuthType Basic
    AuthBasicProvider 1-Windchill-EnterpriseLdap
    Require valid-user
</Location>
The solution on that page was to create an HTML page that was set up as basic auth. Using the protocolAuth method was a lot better, since it acts like a prefix on any generated URL.
Thanks! We tested a similar solution that was paired with an ipmatch towards REMOTE_ADDR only to allow basic login from certain IP addresses. We wanted to try to limit administrator login from certain locations only. That worked pretty well, though we saw some challenges when using SSO and basicLogin with WGM and DTI, and I had hoped to find some more information about other solutions. I will revisit this later though, after some new rounds of rehosting, patching, and migration.
It did not contain +protocolAuth, so I'll keep this in mind when I later reapply the config.
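The IP-restricted variant described in the post above, combined with the protocolAuth block posted earlier, as an added example (not from any poster in this thread and not from PTC documentation). It assumes Apache 2.4; the 192.0.2.0/24 range is a constructed placeholder for an admin network, and the provider alias is copied from the earlier post.

```apache
# Added example: basic-auth bypass of SSO, allowed only from an admin network.
# Assumes Apache 2.4 (mod_authz_core expressions).
<LocationMatch ^/+Windchill/+protocolAuth(;.*)?>
    AuthName "Windchill"
    AuthType Basic
    AuthBasicProvider 1-Windchill-EnterpriseLdap

    # Both conditions must hold: valid credentials AND an allowed source address.
    # Without RequireAll, sibling Require lines are OR'ed, which would let any
    # client in the range in without credentials.
    <RequireAll>
        Require valid-user
        # 192.0.2.0/24 is a placeholder; replace with the real admin range.
        Require expr "%{REMOTE_ADDR} -ipmatch '192.0.2.0/24'"
    </RequireAll>
</LocationMatch>

# Same restriction for the static basic-login page, if that page is used.
<Location /basicLogin.html>
    AuthName "Windchill"
    AuthType Basic
    AuthBasicProvider 1-Windchill-EnterpriseLdap
    <RequireAll>
        Require valid-user
        Require expr "%{REMOTE_ADDR} -ipmatch '192.0.2.0/24'"
    </RequireAll>
</Location>
```

If a load balancer or reverse proxy sits in front of Apache, REMOTE_ADDR is the proxy's address unless mod_remoteip is configured, so the range check would match the proxy rather than the client. Basic auth sends credentials on every request, so these locations should only be reachable over HTTPS.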
See attached