Enclose the value of every property in single quotes.
Property | Description | Example |
global_pingFedHost | Specifies the fully qualified domain name on which PingFederate administrative console runs. The format of the property value is <server fqdn>. | global_pingFedHost='pingfed.yourorg.com' |
global_pingFedAdminPort | Specifies the port on which the PingFederate administrative console runs. The format of the property value is <server port>. | global_pingFedAdminPort='9999' |
global_pingFedIdpEntityId | Specifies the unique identifier for the security assertion markup language 2.0 (SAML 2.0) entity that represents PingFederate. | global_pingFedIdpEntityId='ptc-pingfed' |
global_pingFed_admin_certificate | Specifies the file name of the secure sockets layer certificate (SSL certificate) file trusted by automation scripts while making admin API calls. Specifying a value for this property is optional but recommended because using the certificate enables the secure SSL communication between PingFederate and scripts. | global_pingFed_admin_certificate='pingfed_admin_ssl.crt' |
Property | Description | Example |
create_pingfed_signing_cert_organization | Specifies the organization or company name creating the certificate. | create_pingfed_signing_cert_organization='ptc' |
create_pingfed_signing_cert_organizationUnit | Specifies the specific unit within the organization. | create_pingfed_signing_cert_organizationUnit='ent-sso' |
create_pingfed_signing_cert_city | Specifies the city or other primary location where the company operates. | create_pingfed_signing_cert_city='Blaine' |
create_pingfed_signing_cert_state | Specifies the state or other political unit encompassing the location. | create_pingfed_signing_cert_state='MN' |
create_pingfed_signing_cert_country | Specifies the code of the country where the company is based. The country code is represented by a two-letter code. | create_pingfed_signing_cert_country='US' |
create_pingfed_signing_cert_validDays | Specifies the number of days for which the certificate is valid. | create_pingfed_signing_cert_validDays='36500' |
Property | Description | Example |
create_sp_connection_baseUrl | Specifies the base URL that hosts the server for your service provider. The format of the property value is: https://<server fqdn>:<server port>. | create_sp_connection_baseUrl='https://thingworx.yourorg.com:8443' where <Service_provider> could be ThingWorx, Windchill RV&S, or Windchill |
create_sp_connection_input_sign_verif_cert | Specifies the file name of the certificate used for verifying the digital signature for the incoming SAML token. | create_sp_connection_input_sign_verif_cert='twx_sp_signing.crt' where <name specific to sp> could be twx, ilm, or wnc. |
create_sp_connection_entityId | Specifies the unique identity for your service provider. Property value for your service provider should be https://<server fqdn>:<server port>/saml/metadata | This example is specific to Windchill RV&S. create_sp_connection_entityId='https://integrity.yourorg.com:8443/saml/metadata' |
Property | Description | Example |
create_twx_sp_oauth_client_description | Specifies the description of what the client application does. This description appears when the user is prompted for authorization. | create_twx_sp_oauth_client_description='Thingworx service provider OAuth client.' |
create_twx_sp_oauth_client_auth_secret_value | Specifies the OAuth client secret. | create_twx_sp_oauth_client_auth_secret_value='twx-sp-client_1234' |
create_twx_sp_oauth_client_redirectURI | Specifies the URI to which the OAuth authorization server may redirect the resource owner's user agent after authorization is obtained. The format of the property value is: https://<server fqdn>:<server port>/Thingworx/oauth2_authorization_code_redirect. | create_twx_sp_oauth_client_redirectURI='https://thingworx.yourorg.com:8443/Thingworx/oauth2_authorization_code_redirect' |
Property | Description | Example |
create_wnc_oauth_client_description | Specifies the description of what the client application does. This description appears when a user is prompted for authorization. | create_wnc_rp_oauth_client_description='Windchill resource server OAuth client.' |
create_wnc_oauth_client_auth_secret_value | Specifies the OAuth client secret. | create_wnc_rp_oauth_client_auth_secret_value='wnc-rp-client_1234' |
Property | Description | Example |
create_ilm_oauth_client_description | Specifies the description of what the client application does. This description appears when the user is prompted for authorization. | create_ilm_rp_oauth_client_description='IntegrityLifecycle Manager resource server OAuth client.' |
create_ilm_oauth_client_auth_secret_value | Specifies the OAuth client secret. | create_ilm_rp_oauth_client_auth_secret_value='olm-rp-client_1234' |
Property | Description | Example |
create_oauth_default_scope_description | Specifies the description of the permissions implied when no scope values are indicated or in addition to any values. This description displays when the user is prompted for authorization. | create_oauth_default_scope_description='Default Scope' |
create_oauth_twx_scope | Specifies the scopes for ThingWorx as the service provider. | create_oauth_twx_scope='THINGWORX' |
create_oauth_twx_read_scope_description | Specifies the description of the scope value for ThingWorx. This description appears when the user is prompted for authorization. | create_oauth_twx_scope_description='Thingworx Scope' |
create_oauth_wnc_read_scope | Specifies the scopes for Windchill as the resource server. | create_oauth_wnc_read_scope='WINDCHILL' |
create_oauth_wnc_read_scope_description | Specifies the description of the scope value for Windchill. This description appears when the user is prompted for authorization. | create_oauth_wnc_scope_description='Windchill Scope' |
create_oauth_ilm_scope | Specifies the scopes for Windchill RV&S as the service provider. | create_oauth_ilm_scope='INTEGRITY_READ' |
create_oauth_ilm_read_scope_description | Specifies the description of the scope value for Windchill RV&S. This description appears when the user is prompted for authorization. | create_oauth_ilm_scope_description='Integrity LM Scope' |
Property | Description | Example |
create_ldap_datastore_hostname | Specifies the domain name system name (DNS name) or internet protocol address (IP address) of the data store that can include a port number. The format of the property value is: <ldap fqdn>:<ldap port>. | create_ldap_datastore_hostname='windchillDS.ptc.com:389' OR create_ldap_datastore_hostname='integrityLDAP.ptc.com:389' |
create_ldap_datastore_userDN | Specifies the user name required to access the data store. | create_ldap_datastore_userDN='cn=Manager' |
create_ldap_datastore_password | Specifies the password required to access the data store. | create_ldap_datastore_password='password' |
Property | Description | Example |
create_ldap_pcv_searchBase | Specifies the location in the LDAP directory server from which the search begins. | create_ldap_pcv_searchBase='cn=Windchill_11.0,o=ptc' OR create_ldap_pcv_searchBase='cn=IntegrityOU,o=ptc' |
create_ldap_pcv_searchFilter | Specifies the LDAP query to locate a user record. | create_ldap_pcv_searchFilter='uid=$<username>' |
create_ldap_pcv_scopeOfSearch | Specifies the level of search to be performed in the search base. | create_ldap_pcv_scopeOfSearch='Subtree' |
Property | Description | Example |
create_idp_adapter_attributeSource_id | Specifies the unique identifier of the attribute source, a specific data store or directory location containing information that may be needed for the IdP adapter contract or the token authorization workflow. | create_idp_adapter_attributeSource_id='uid' |
create_idp_adapter_attributeSource_description | Specifies the description of the attribute source. | create_idp_adapter_attributeSource_description='uid' |
create_idp_adapter_attributeSource_baseDn | Specifies the base distinguished name (DN) of the attribute source. | create_idp_adapter_attributeSource_baseDn='cn=Windchill_11.0,o=ptc' where <name> could be Windchill, IntegrityOU, and so on. |
create_idp_adapter_attributeSource_SearchScope | Specifies the scope of the search. The valid values are Subtree, One level, and Base. | create_idp_adapter_attributeSource_SearchScope='SUBTREE' |
create_idp_adapter_attributeSource_SearchFilter | Specifies the search filter to use for the search. | create_idp_adapter_attributeSource_SearchFilter='uid=$<username>' |
Property | Description | Example |
create_idp_adfs_connection_entityId | Specifies the entity identifier that is required to configure ADFS as the identity provider. | create_idp_adfs_connection_entityId='http://adfs.org.io/adfs/services/trust' |
create_idp_adfs_connection_baseUrl | Specifies the base URL that hosts the server for your identity provider. The format of the property value is: https://<server fqdn>:<server port> | create_idp_adfs_connection_baseUrl='https://adfs.org.io' (Specifying a default port is not required.) |
create_idp_adfs_connection_input_sign_verif_cert | Specifies the file name of the certificate that is used to verify the digital signature for the incoming SAML token. | create_idp_adfs_connection_input_sign_verif_cert='adfs_idp_signing.crt' |
Property | Description | Example |
create_idp_saml2_connection_entityId | Specifies the entity identifier that is required to configure the identity provider. | create_idp_saml2_connection_entityId='http://www.okta.com/exk15nb0a9fkh36Aq2p7' |
create_idp_saml2_connection_baseUrl | Specifies the base URL that hosts the server for your identity provider. The format of the property value is: https://<server fqdn>:<server port> | create_idp_saml2_connection_baseUrl='https://org.okta.com' (Specifying a default port is not required.) |
create_idp_saml2_connection_input_sign_verif_cert | Specifies the file name of the certificate that is used to verify the digital signature for the incoming SAML token. | create_idp_saml2_connection_input_sign_verif_cert='saml2_idp_signing.crt' |
create_idp_saml2_connection_assertion_consumer_service_url | Specifies the URL for the hypertext transfer protocol resource (HTTP resource) that processes the SAML protocol messages. This URL returns a cookie that represents the information that is extracted from the message. | create_idp_saml2_connection_assertion_consumer_service_url='/app/org399352_pingfed_1/exk15nb0a9fkh36Aq2p7/sso/saml' |
create_idp_saml2_attr_uid | Specifies the name of the attribute contract, an extended attribute in the SAML assertion that it will send as an IdP to the service provider, where the service provider could be ThingWorx, Windchill, or PingFederate. | create_idp_saml2_attr_uid='uid' |
create_idp_saml2_attr_group | Specifies the group of the attribute contract, an extended attribute in the SAML assertion that it will send as an IdP to the service provider, where the service provider could be ThingWorx, Windchill, or PingFederate. If a group attribute is not available from the IdP or if you do not want to map it, you may remove this property from the user.properties file. | create_idp_saml2_attr_group='group' |
create_idp_saml2_attr_email | Specifies the e-mail address of the attribute contract, an extended attribute in the SAML assertion that it will send as an IdP to the service provider, where the service provider could be ThingWorx, Windchill, or PingFederate. If an e-mail attribute is not available from the IdP or if you do not want to map it, you may remove this property from the user.properties file. | create_idp_saml2_attr_email='emailaddress' |
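
The single-quote rule and the recommendations in the tables above can be checked before the automation scripts read user.properties. The following Python linter is an added example, not part of the PTC scripts; the `#` comment marker, the finding messages and the sample file contents are assumptions constructed for illustration.

```python
import re

# Property names and example values are taken from the tables on this page;
# the checks, messages and SAMPLE file are constructed for this example.
PAGE_EXAMPLE_SECRETS = {"password", "twx-sp-client_1234",
                        "wnc-rp-client_1234", "olm-rp-client_1234"}
SECRET_KEY = re.compile(r"(_auth_secret_value|_password)$")
LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")
ADMIN_CERT = "global_pingFed_admin_certificate"

def lint_user_properties(text):
    """Return (line_number, property, finding) tuples; line 0 = whole file."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):  # '#' comments assumed
            continue
        m = LINE.match(raw)
        if not m:
            findings.append((no, None, "not a property='value' line"))
            continue
        key, val = m.groups()
        seen.add(key)
        # Rule from the page: every value is enclosed in single quotes.
        if len(val) < 2 or val[0] != "'" or val[-1] != "'":
            curly = val[:1] in ("‘", "’") or val[-1:] in ("‘", "’")
            findings.append((no, key, "curly quotes" if curly else "missing single quotes"))
            continue
        inner = val[1:-1]
        # Secrets copied unchanged from the documentation are guessable.
        if SECRET_KEY.search(key) and inner in PAGE_EXAMPLE_SECRETS:
            findings.append((no, key, "still set to the documentation example value"))
        if key.endswith("_baseUrl") and not inner.startswith("https://"):
            findings.append((no, key, "base URL does not use https://"))
    if ADMIN_CERT not in seen:
        findings.append((0, ADMIN_CERT, "not set (optional, but recommended on this page)"))
    return findings

# Constructed sample file with one problem per flagged line.
SAMPLE = """\
global_pingFedHost='pingfed.yourorg.com'
global_pingFedAdminPort=9999
create_sp_connection_baseUrl='http://thingworx.yourorg.com:8443'
create_idp_adfs_connection_entityId=‘http://adfs.org.io/adfs/services/trust’
create_ldap_datastore_password='password'
create_twx_sp_oauth_client_auth_secret_value='S3e-constructed-value'
"""

if __name__ == "__main__":
    for finding in lint_user_properties(SAMPLE):
        print(finding)
```

Curly quotes pasted from a word processor or web page are reported separately because they look correct on screen but do not satisfy the single-quote rule.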