Set Up ThingWorx Navigate with Windchill Authentication
This option uses Windchill authentication for ThingWorx. A user that opens a ThingWorx Navigate mashup is routed to Windchill for authentication. Once authenticated, the user is routed back to the ThingWorx Navigate mashup. From this point of view, the user is able to access the ThingWorx Navigate mashup as the user authenticated in Windchill.
This configuration requires that the same user exists in both Windchilland ThingWorx. ThingWorx Navigate provides an option to automatically create users in ThingWorx once they have been authenticated in Windchill. If this option is not enabled, users must independently exist in both Windchill and ThingWorx. After creating a user in ThingWorx, the administrator needs to add the user to the specified ThingWorx group in order to access the ThingWorx tasks.
|
Prerequisites for Windchill authentication:
• Windchill must be configured with SSL.
• We also recommend to configure ThingWorx with SSL.
|
Complete the following steps to configure ThingWorx Navigate with Windchill:
1. If EnableSSO appears in platform-settings.json (ThingworxPlatform), set it to false and restart Tomcat.
|
If it does not appear in platform-settings.json, and you are using out-of-the-box platform-settings.json, you can skip to step 2.
|
2. Open ptc-windchill-integration-connector and select Configuration
◦ Set Authentication Type to None
◦ No need to fill out Username and Password
◦ Next to the Base URL, enter this URL:
https://<Windchill Hostname>:<port>/Windchill/sslClientAuth
and click Save.
3. Open ptc-windchill-integration-connector-proxy and select Configuration
◦ URL:
https://<Windchill Hostname>
◦ Set Authentication Type to Session User
◦ Next to Test Connection URL, enter this URL:
[https]://[LB-host]:[port]/[windchill-web-app]/servlet/WindchillAuthGW/wt.httpgw.HTTPServer/echo
and click Save.
◦ There’s no need to enter a user name and password.
◦ In SSL Connection Configuration specify the path to Keystore and TrustStore information, and add passwords.
◦ In Session User Configuration, verify that wt.effectiveUid is the value of Session User Query Parameter, unless stated otherwise in Windchill.