1-Visitor
June 12, 2012
Question

9.1 and beyond SAML & AD support.


Beyond InfoEngine and Software Build Tools...is SAML authentication supported by Windchill? We're looking for a way to have Windchill reference our AD security groups.

Thanks,

Alex

1 reply

1-Visitor
June 13, 2012

You mention SAML but also that what you want to gain is having Windchill reference your AD groups. Depending on what you want to do with the groups, SAML might not be required. So please explain a bit more...

If it's just that you want user authentication to be handled with AD as the source for passwords and group membership, it should be covered by the Windchill docs already.

One thing SAML might provide is single sign-on for simple browser access, which might only require Apache and ADFS configuration, using something like Shibboleth for the SAML relying party on Apache, because Windchill out of the box relies on Apache for the authentication. See e.g. http://stackoverflow.com/questions/7256890/how-can-i-secure-tomcats-webapps-with-adfs-2-0-and-saml-sso

Note I have not tried setting up SAML-based SSO with Windchill though, only done some reading on the topic. I don't know if there will be problems with special client-side configurations (DTI, WGM and Java applets in the browser).

1-Visitor
June 14, 2012

My goal is to have users log in with their AD credentials and for Windchill permissions to be controlled by AD security groups. The only reference to AD I've seen to date has been in relation to LDAP and simply logging in...nothing to do with security groups.

I mentioned SAML as my IT security team told me to look for it...we are now trying to use ADFS (which uses SAML) for SSO as well.

1-Visitor
June 18, 2012

Ahh OK, I think I understand a bit more what you are aiming for then. Note the existing Windchill documentation regarding LDAP and AD also mentions mapping to groups in AD. See this chapter: http://www.ptc.com/cs/help/windchill_hc/wc100_hc/index.jspx?id=WCInstall_MapUserGroup&action=show

Please keep us posted on your experiences with going down the ADFS for SSO route, whether it's good or bad. It might be helpful to others...