Update the Windchill Configuration File
Two Windchill files, securityContext.properties and Web.xml, must be edited to enable OAuth in Windchill. For more information, refer to Configure OAuth Delegated Authorization.
1. Update the following properties in the securityContext.properties file through the site.xconf utility.
◦ wt.oauth2.token.userNameAttribute
◦ wt.oauth2.token.tokenType
◦ wt.oauth2.token.scopeAttribute
2. Add the following properties to the wt.properties file through the site.xconf utility.
◦ wt.jwt.oauth2.token.issueAtTime
◦ wt.jwt.oauth2.token.azure.tenantId
◦ wt.jwt.oauth2.token.audience
◦ wt.jwt.oauth2.token.tokenIssuer
◦ wt.jwt.oauth2.token.algorithm
◦ wt.jwt.oauth2.token.kidUrl
3. Update wt.jwt.oauth2.token.jwtIdpTyp = azure in the securityContext.properties file through securityContext.properties.xconf. If no value is provided for this property, the Azure-specific attributes in the token are ignored and standard JWT claims validation is performed.
4. Add the location of the securityContext.properties file to the WEB-INF/web.xml file, which must reference it. The Web.xml file is located at /Codebase/WEB-INF/Web.xml. Add the location to the parameter value that holds the location of the Spring root web application context. The following example is valid if you have kept the securityContext.properties file in its default directory: add the path WEB-INF/security/config/securityContext.xml to <param-value>config/mvc/applicationContext.xml</param-value>. The structure of the context parameter should be:
<context-param>
<description>Location of Spring root web application context</description>
<param-name>contextConfigLocation</param-name>
<param-value>config/mvc/applicationContext.xml
WEB-INF/security/config/securityContext.xml</param-value>
</context-param>
The location of the securityContext.properties file is also referenced in securityContext.xml. If you change the directory location of securityContext.properties, update the references to the new location in Web.xml and securityContext.xml.
5. Add a springSecurityFilterChain code snippet before the <filter-mapping> tag within the Web.xml file, for example:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/oauth/*</url-pattern>
</filter-mapping>
Add the following code snippet before the <servlet-mapping> tag within the Web.xml file.
<servlet>
<description>Bridge Servlet for Oauth Access</description>
<servlet-name>OauthAuthBridgeServlet</servlet-name>
<servlet-class>wt.servlet.AuthBridgeServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>OauthAuthBridgeServlet</servlet-name>
<url-pattern>/oauth/*</url-pattern>
</servlet-mapping>
6. Restart the Windchill and Apache servers. Verify that Windchill participates in delegated authorization with your SSO network.
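Before restarting, it is worth checking that the properties from steps 1 to 3 are present and that the issuer and key URLs are pinned to your tenant; the following lint is an added example, not PTC's code. It assumes Java-style key=value lines, RS256 as the expected signing algorithm (what Azure AD uses), and Azure v2.0 endpoint URLs; every value in the sample is a constructed placeholder.

```python
# Added example (not PTC's code): lint the Windchill OAuth/JWT properties from steps 1-3.
# Assumptions: key=value lines, RS256 expected, issuer/kid URLs in Azure v2.0 layout.
import re
REQUIRED = [
    "wt.oauth2.token.userNameAttribute", "wt.oauth2.token.tokenType",
    "wt.oauth2.token.scopeAttribute", "wt.jwt.oauth2.token.issueAtTime",
    "wt.jwt.oauth2.token.azure.tenantId", "wt.jwt.oauth2.token.audience",
    "wt.jwt.oauth2.token.tokenIssuer", "wt.jwt.oauth2.token.algorithm",
    "wt.jwt.oauth2.token.kidUrl",
]

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value or key: value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and (m := re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)):
            props[m.group(1)] = m.group(2).strip()
    return props

def lint_oauth_properties(text):
    """Return findings for the combined properties text; [] means every check passed."""
    p = parse_properties(text)
    findings = [f"missing property: {k}" for k in REQUIRED if not p.get(k)]
    alg = p.get("wt.jwt.oauth2.token.algorithm", "")
    if alg and alg.upper() != "RS256":  # 'none' or an HS* value weakens signature checks
        findings.append(f"algorithm {alg!r}: expected RS256")
    tenant = p.get("wt.jwt.oauth2.token.azure.tenantId", "")
    for key in ("wt.jwt.oauth2.token.tokenIssuer", "wt.jwt.oauth2.token.kidUrl"):
        url = p.get(key, "")
        if url and not url.startswith("https://"):
            findings.append(f"{key} must use https, got {url!r}")
        if url and tenant and tenant not in url:  # unpinned issuer accepts other tenants' tokens
            findings.append(f"{key} does not pin tenant {tenant}")
    if p.get("wt.jwt.oauth2.token.jwtIdpTyp", "").lower() != "azure":
        findings.append("jwtIdpTyp is not 'azure': Azure-specific claims are ignored (step 3)")
    return findings

# Constructed sample (not a real deployment): placeholder tenant, deliberate weaknesses.
SAMPLE_WEAK = """
wt.oauth2.token.userNameAttribute=preferred_username
wt.oauth2.token.tokenType=Bearer
wt.oauth2.token.scopeAttribute=scp
wt.jwt.oauth2.token.issueAtTime=iat
wt.jwt.oauth2.token.azure.tenantId=00000000-0000-0000-0000-000000000000
wt.jwt.oauth2.token.audience=api://windchill-placeholder
wt.jwt.oauth2.token.tokenIssuer=https://login.microsoftonline.com/common/v2.0
wt.jwt.oauth2.token.algorithm=HS256
wt.jwt.oauth2.token.kidUrl=http://login.microsoftonline.com/common/discovery/v2.0/keys
"""
```

Run it against the concatenated contents of wt.properties and securityContext.properties; the sample above yields five findings, and the same sample with RS256, https and the tenant id substituted into both URLs plus jwtIdpTyp=azure yields none.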