Set Up ThingWorx Navigate with Windchill Authentication

Install, License, and Configure ThingWorx Navigate > Install ThingWorx Navigate on an Existing ThingWorx Instance > Configure ThingWorx Navigate > Set Up ThingWorx Navigate with Windchill Authentication

This option uses Windchill authentication for ThingWorx. A user that opens a ThingWorx Navigate mashup is routed to Windchill for authentication. Once authenticated, the user is routed back to the ThingWorx Navigate mashup. From this point of view, the user is able to access the ThingWorx Navigate mashup as the user authenticated in Windchill.

For technical details, see Architecture of Windchill Authentication

This configuration requires that the same user exists in both Windchilland ThingWorx. ThingWorx Navigate provides an option to automatically create users in ThingWorx once they have been authenticated in Windchill. If this option is not enabled, users must independently exist in both Windchill and ThingWorx. After creating a user in ThingWorx, the administrator needs to add the user to the specified ThingWorx group in order to access the ThingWorx tasks.

For more information, see Architecture of Windchill Authentication

Prerequisites for Windchill authentication:

• Windchill must be configured with SSL.

• We also recommend to configure ThingWorx with SSL.

• In Windchill authentication we use 2–way SSL configuration. For more information, see Using SSL for Secure Communication.

Complete the following steps to configure ThingWorx Navigate with Windchill:

1. If EnableSSO appears in platform-settings.json (ThingworxPlatform), set it to false and restart Tomcat.

If it does not appear in platform-settings.json, and you are using out-of-the-box platform-settings.json, you can skip to step 2.

2. Open ptc-windchill-integration-connector and select Configuration

◦ Set Authentication Type to None

◦ No need to fill out Username and Password

◦ Next to the Base URL, enter this URL:

https://<Windchill Hostname>:<port>/Windchill/sslClientAuth

and click Save.

3. Open ptc-windchill-integration-connector-proxy and select Configuration

◦ URL:

https://<Windchill Hostname>

◦ Set Authentication Type to Session User

◦ Next to Test Connection URL, enter this URL:

[https]://[LB-host]:[port]/[windchill-web-app]/servlet/WindchillAuthGW/wt.httpgw.HTTPServer/echo

and click Save.

◦ There’s no need to enter a user name and password.

◦ In SSL Connection Configuration specify the path to Keystore and TrustStore information, and add passwords.

◦ In Session User Configuration, verify that wt.effectiveUid is the value of Session User Query Parameter, unless stated otherwise in Windchill.

4. Configure the ptc-windchill-OData-connector to connect to Windchill OData REST services. Refer to the "Windchill Authentication" section of Executing Info*Engine services with the OData Connector for detailed instructions.