Creating OAuth Client Connections for Windchill
For supported SSO scenarios, Windchill acts as a resource server to ThingWorx and applications built on the platform, such as ThingWorx Navigate. Windchill connects to a PingFederate OAuth client to verify the authenticity of the access tokens it receives from those applications. To create this OAuth client, complete the following steps:
1. On the Applications - OAuth page, locate the Clients section and click Add Client.
2. Enter a Client ID. Make a note of this value; it will be needed when configuring the Windchill securityContext.properties file.
3. Select Client Secret, select the CHANGE SECRET checkbox, and enter a client secret value in the CLIENT SECRET field. Make a note of this value; it will be needed when configuring the Windchill securityContext.properties file.
4. In the Name field, enter a descriptive value. This is displayed in the PingFederate Clients list.
5. Enter a Description.
6. In the Allowed Grant Types section, select Access Token Validation (Client is a Resource Server).
7. In the Persistent Grants MAX LIFETIME section, select Use Global Setting.
8. In the Refresh Token Rolling Policy section, select Use Global Setting.
9. Click Save to save the client.
After you have created this OAuth client, work with your Windchill administrator to configure that system to connect to this client. You will need to provide the client ID and client secret so the Windchill administrator can complete this step. For more information, see Configure OAuth Delegated Authorization in the Windchill Help Center.
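
The following sketch shows how a resource server uses the client ID and client secret from the steps above to validate an access token. It is an added example, not PTC or Ping Identity code. It assumes RFC 7662 token introspection; the host name, client credentials, and scope name are constructed placeholders, and Windchill's own validation call may differ.

```python
import base64
import time
import urllib.parse
import urllib.request

# Hypothetical host; replace with your PingFederate runtime address.
INTROSPECT_URL = "https://pingfed.example.com:9031/as/introspect.oauth2"


def build_introspection_request(client_id, client_secret, access_token,
                                url=INTROSPECT_URL):
    """Build (without sending) an RFC 7662 introspection request.

    The resource server authenticates with HTTP Basic using the client ID
    and client secret noted when the OAuth client was created.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"token": access_token, "token_type_hint": "access_token"}
    ).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


def token_is_acceptable(response, required_scope, now=None):
    """Apply resource-server checks to a parsed introspection response."""
    now = time.time() if now is None else now
    # Fail closed: anything other than a literal true is a rejection.
    if response.get("active") is not True:
        return False, "token not active"
    # exp is optional in RFC 7662; when present it must lie in the future.
    exp = response.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False, "token expired"
    # scope is a space-delimited string of granted scopes.
    if required_scope not in str(response.get("scope", "")).split():
        return False, "required scope missing"
    return True, "ok"


# Constructed sample responses (not captured from a real server).
SAMPLE_OK = {"active": True, "scope": "EXAMPLE_READ openid", "exp": 1700003600}
SAMPLE_REVOKED = {"active": False}
SAMPLE_WRONG_SCOPE = {"active": True, "scope": "openid", "exp": 1700003600}
```

Load the client secret from a protected store at run time rather than embedding it in source, and send the request only over TLS.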