13-Aquamarine
June 7, 2023
Question

Single Sign-On Implementation on Windchill

  • June 7, 2023
  • 4 replies
  • 2115 views

Hi @HelesicPetr @avillanueva @BenLoosli and everyone,

What are the general high-level steps involved in implementing SSO on Windchill PDMLink?

PS: The identity provider in our company is LDAP AD, and the CAS is PingFederate, which is already being configured.

4 replies

HelesicPetr
22-Sapphire II
June 7, 2023

Hi @SModugu

I would say you need to study how to set up an Apache web server to allow the connection to Windchill.

I have experience with IBM WebSEAL. WebSEAL takes care of SSO, and all HTTP communication goes through WebSEAL to Apache.

Apache is just set to allow the users from WebSEAL to auto-login to Windchill.

Of course, the Windchill alias web address is set so that WebSEAL works as a proxy server.

PetrH

16-Pearl
June 7, 2023

You can check the PTC IAM documentation.

Hope this helps.

Regards

~Syed

jbailey
18-Opal
June 7, 2023

So when you say SSO, do you mean not having to directly log in (use stored credentials)? Or do you want to do SAML authentication?

SModugu (Author)
13-Aquamarine
June 8, 2023

I want to configure SSO to work with Windchill with the SAML authentication protocol.

HelesicPetr
22-Sapphire II
June 8, 2023

Hi @SModugu

The following link can be helpful: https://cxf.apache.org/docs/saml-web-sso.html#SAMLWebSSO-Introduction

PetrH

jbailey
18-Opal
June 7, 2023

If you are talking about SAML authentication using Ping as the IdP, the steps are relatively straightforward.

  • Configure Data Store Connection to AD in Ping
  • Create authentication policy / authenticators in Ping
  • Configure SP connection in Ping
  • Install SP on Windchill Server (PTC recommended is Shibboleth)
  • Configure Apache for Shibboleth 
  • Configure Windchill for protocol auth only
  • If you use Desktop integration, configure msoi files to use WIZARD as the authentication type

Note: if your user attribute in the InfoEngine connection is something other than UID (i.e. sAMAccountName) AND you are using electronic signatures, modify codebase\reauthsecure\SSOReauthentication.jsp to get the right variable from the header.

Also, use SAML tracer for troubleshooting... it is an INVALUABLE aid to SAML debugging.
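
An added example, not part of any post in this thread and not PTC, Ping or Shibboleth code: a small Python helper for the troubleshooting step above. It decodes a base64 `SAMLResponse` form value (as copied from a SAML tracer capture) and reports whether the user attribute the SP is expected to map, such as `uid` or `sAMAccountName`, was actually released. The function name, host names, user and sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real capture); hosts and user are placeholders.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://windchill.example.com/shibboleth</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="sAMAccountName">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def summarize_saml_response(b64_response, expected_attr):
    """Decode a base64 SAMLResponse (HTTP-POST binding) and report what the SP receives.
    Debugging aid only: it does not verify the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in a.findall("saml:AttributeValue", NS)]
        attrs[a.get("FriendlyName") or a.get("Name")] = values
    issues = []
    if status is None or not status.get("Value", "").endswith(":Success"):
        issues.append("status is not Success")
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        issues.append("assertion is encrypted; attributes not visible here")
    elif expected_attr not in attrs:
        issues.append(f"attribute '{expected_attr}' not released; got {sorted(attrs)}")
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "name_id": root.findtext(".//saml:NameID", namespaces=NS),
            "audiences": [a.text for a in root.iterfind(".//saml:Audience", NS)],
            "attributes": attrs, "issues": issues}


if __name__ == "__main__":
    for key, value in summarize_saml_response(SAMPLE_B64, "uid").items():
        print(f"{key}: {value}")
```

Run it only on responses captured from your own test logins, and treat the pasted value as a credential while the assertion is still within its validity window.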