Install, License, and Configure ThingWorx Navigate > Set Up ThingWorx Navigate with Windchill Authentication
  
Set Up ThingWorx Navigate with Windchill Authentication
Before you set up Windchill Authentication, make sure your system meets these prerequisites:
Windchill—Configured with SSL.
ThingWorx—We recommend configuring ThingWorx with SSL.
2–way SSL configuration.
Make sure you have imported the Windchill SSL certificate to the ThingWorx TrustStore file.
For more information on configuring SSL, see these topics:
Set Up ThingWorx Navigate with SSL
Using SSL for Secure Communication
* 
If you have a Windchill cluster with Windchill configured as HTTP, make sure to do the required manual steps at the end of this procedure.
Establish the Windchill Connection
On this page, provide the details for your Windchill connection.
1. Enter the Windchill server URL:
To connect to a single Windchill server—Make sure the URL follows the format [http or https]://[windchill-host]:[windchill-port]/[windchill-web-app]
For cluster Windchill environments—Enter the URL of the load balancing router. For example, [https]://[LB-host]:[port]/[windchill-web-app].
The URL format depends on your system’s configuration. In Configure ThingWorx Navigate with a Clustered Windchill Environment, see the sections for Windchill Authentication.
To connect to multiple Windchill systems—For now, connect to a single server. Then, after you complete the initial configuration, follow the manual steps in Configure ThingWorx Navigate to Connect to Multiple Windchill Systems.
2. Click Next.
Windchill Authentication settings
Before you provide the information on this screen, prepare the correct KeyStore and TrustStore files:
ThingWorxKeyStore file—Create a new ThingWorx KeyStore file using the Java keytool utility. Make sure to include the ThingWorx Key Pair. This is a client certificate used for accessing data from Windchill using the 2-way SSL configuration on the ThingWorx Navigate and Windchill sides. For more details, see Using SSL for Secure Communication.
* 
This ThingWorx KeyStore file is different than the Apache Tomcat KeyStore file that you may have created during the installation of ThingWorx Navigate. These separate KeyStore files serve different purposes, and it is important to provide the correct file in the correct location.
ThingWorxTrustStore file—Provide the TrustStore file according to whether your Apache Tomcat is configured with SSL:
Apache Tomcat with SSL—Use the same ThingWorx TrustStore file that you used during the installation to configure Apache Tomcat with SSL. Then, use the keytool utility to import the Windchill SSL certificate to the ThingWorx TrustStore file.
Apache Tomcat without SSL—Create a ThingWorx TrustStore file using the Java keytool utility, and then import the Windchill SSL certificate into the TrustStore file.
Instructions for creating these files are in the topic Set Up ThingWorx Navigate with SSL. For reference material on setting up 2-way SSL, see Using SSL for Secure Communication.
Now that you have the correct files prepared, you can provide the information on the Windchill Authentication Settings screen:
1. Next to KeyStore File, click Fetch file icon, and then browse to the ThingWorx KeyStore file you created above.
* 
Remember, the ThingWorx KeyStore file is different than the Apache Tomcat KeyStore file.
2. Enter the Password you defined when you created the KeyStore file.
3. Next to TrustStore File, click Fetch file icon, and then browse to your ThingWorx TrustStore file.
4. Enter the Password.
5. Next to Session User Query Parameter, accept the default value.
* 
In most cases, you should accept the default value for this parameter. Only change it if the Windchill administrator changed this default setting in Windchill.
6. Click Next. The Summary: Configuration Settings page opens.
Summary: Configuration Settings
1. Review the settings, and then click Configure. ThingWorx Navigate is configured.
2. Select the check boxes to open one or both programs:
Open ThingWorx Navigate
Open ThingWorx Composer
Then, click Close.
Complete the Windchill cluster configuration
First, make sure that you have completed the steps in Configure ThingWorx Navigate with a Clustered Windchill Environment, especially the required Windchill-side steps.
If your system is configured with a Windchill cluster and Windchill as HTTP, you must complete some additional steps now. These steps are required to fetch data from Windchill and have a successful WindchillThingWorx Navigate connection.
We need to use the trustedAuth option in Windchill, and this requires some updates in the connector and the connector proxy settings:
* 
Remember that the load balancer URL uses the HTTPS protocol.
1. In ThingWorx Composer, open the ptc-windchill-connector.
2. Click Configuration, and then next to Base URL, enter the following URL:
[https]://[LB-host]:[port]/[windchill-web-app]/trustedAuth
3. Click Save.
4. Open ptc-windchill-connector-proxy, and then click Configuration.
5. Next to Test Connection URL, enter this URL:
[https]://[LB-host]:[port]/[windchill-web-app]/trustedAuth/servlet/WindchillAuthGW/wt.httpgw.HTTPServer/echo
6. Click Save.
Your Windchill cluster configuration is now complete.
Next steps
Your ThingWorx Navigate is installed and licensed, and the basic configuration is complete. The ThingWorx Navigate tasks are now ready to use. To sign in, users should use their Windchill user name and password.
The next required step is to grant permission to non-administrative users. Follow the steps in Modify ThingWorx Permissions: Users and Groups.
You can also move on to the optional configurations, such as these:
Connect to SAP
Configure with multiple Windchill systems