Server configuration for Single Sign-on (SSO)
This topic explains how to configure a server to enable single sign-on.
Configuring the web.config file
1. Install PTC Modeler with Web Interface on the server.
2. Add the following keys and values to the web.config file, in the <appSettings> section, SSO Settings subsection. The web.config file is located here: C:\inetpub\wwwroot\PTC Integrity Modeler Web Interface.
Key
Value
Description
SSOEnabled
true
Enable or disable the SSO feature on the server
OAuthTokenReValidInterval
-1
Time in seconds that the validity of the token will be checked with the IDP (-1 does not revalidate and uses expires_in from the Token)
OAuthTokenValidateTimeOut
10000
Time in milliseconds that Web Interface waits for a response from the OAuth server before returning the response as timed-out
AuthorizationURI
https://<server>:<port>/as/authorization.oauth2
URI for OSLC server authentication
OAuthAccessTokenURI
https://<server>:<port>/as/token.oauth2
URI for obtaining OAuth access token
Contact the PingFederate server administrator
OAuthRequestTokenURI
https://<server>:<port>/idp/SSO.saml2
URI for obtaining OAuth request token
Contact the PingFederate server administrator
OAuthAccessTokenValidatorURI
https://<server>:<port>/as/token.oauth2?grant_type=urn:pingidentity.com:oauth2:grant_type:validate_bearer
Contact the PingFederate server administrator
DomainPrefix
PingFederate may not return a User Domain Prefix - use this to prefix a <DomainName>\<UserName> to users returned by SSO Token
ClientID
Contact the PingFederate server administrator
Secret
Contact the PingFederate server administrator
The following settings are included in the web.config file to enable PingFederate login option to the Web Interface login page.
Property
Value
OIDC:DiscoveryURI
https://<<server:port>>/.well-known/openid-configuration
OIDC:EndSessionURI
https://<<server:port>>/idp/init_logout.openid
OIDC:Scopes
openid profile email
WINDCHILL_READ
Was this helpful?