Creating OAuth Client Connections for Windchill
For supported SSO scenarios, Windchill acts as a resource server to ThingWorx and applications built on the platform, such as ThingWorx Navigate. Windchill connects to a PingFederate OAuth client to verify the authenticity of the access tokens it receives from those applications. To create this OAuth client, complete the following steps:
1. On the OAuth Settings page, locate the Clients section and click Create New.
2. Enter a Client ID. Make a note of this value; it will be needed when configuring the Windchill securityContext.properties file.
3. Select Client Secret and enter a client secret value. Make a note of this value; it will be needed when configuring the Windchill securityContext.properties file.
4. In the Name field, enter a descriptive value. This is displayed in the PingFederate Clients list.
5. Enter a Description.
6. In the Allowed Grant Types section, select Access Token Validation (Client is a Resource Server).
7. In the Persistent Grants Expiration section, select Use Global Setting.
8. In the Refresh Token Rolling Policy section, select Use Global Setting.
After you have created this OAuth client, work with your Windchill administrator to configure that system to connect to it. You will need to provide the client ID and client secret so that the Windchill administrator can complete this step. For more information, see Configure OAuth Delegated Authorization in the Windchill Help Center.
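The following added example (not PTC or Windchill code) sketches how a resource server can use the client ID and client secret from steps 2 and 3 to validate an access token through an RFC 7662 introspection request and then decide whether to accept it. The host name, credentials, token, and scope name are constructed placeholders, and the use of PingFederate's `/as/introspect.oauth2` endpoint is an assumption about the deployment.

```python
import base64
import time
from urllib.parse import quote, urlencode

# Constructed placeholders; replace with the values noted in steps 2 and 3.
CLIENT_ID = "wnc-rs-client"
CLIENT_SECRET = "example-secret"
# Assumed introspection endpoint on a placeholder PingFederate host.
INTROSPECT_URL = "https://pingfed.example.com:9031/as/introspect.oauth2"


def build_introspection_request(token, client_id, client_secret):
    """Return (url, headers, body) for an RFC 7662 introspection call.

    The resource server authenticates with HTTP Basic using the OAuth
    client credentials, so the secret never travels in the URL.
    """
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"token": token, "token_type_hint": "access_token"})
    return INTROSPECT_URL, headers, body


def accept_token(response, required_scope, now=None):
    """Decide whether to honor a token from its introspection response."""
    now = time.time() if now is None else now
    if response.get("active") is not True:   # revoked, expired, or unknown
        return False, "inactive"
    exp = response.get("exp")
    if exp is not None and exp <= now:       # defensive re-check of expiry
        return False, "expired"
    if required_scope not in response.get("scope", "").split():
        return False, "missing scope"        # not issued for this resource
    return True, "ok"


if __name__ == "__main__":
    url, headers, body = build_introspection_request("abc123", CLIENT_ID, CLIENT_SECRET)
    print("POST", url)
    print(body)
    # Constructed introspection response for illustration.
    sample = {"active": True, "scope": "EXAMPLE_SCOPE", "exp": time.time() + 300}
    print(accept_token(sample, "EXAMPLE_SCOPE"))
```
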