Installation and Configuration > Configuring Windchill / Integrity Modeler servers > Configuring Windchill Modeler 9.4 Server > Working with Single Sign-On (SSO) OSLC Servers > Server configuration for Single Sign-on (SSO)
Server configuration for Single Sign-on (SSO)
This topic explains how to configure a server to enable single sign-on.
Configuring the web.config file
1. Install Windchill Modeler with Web Interface on the server.
2. Add the following keys and values to the web.config file, in the <appSettings> section, SSO Settings subsection. The web.config file is located here: C:\inetpub\wwwroot\PTC Integrity Modeler Web Interface.
Key
Value
Description
SSOEnabled
true
Enable or disable the SSO feature on the server
OAuthTokenReValidInterval
-1
Time in seconds that the Validity of the Token will be checked with the IDP (-1 will not ReValidate and uses expires_in from the Token)
OAuthTokenValidateTimeOut
10000
Time in milliseconds that Web Interface will wait for a Response from the OAuth Server before returning the Response as timed-out
AuthorizationURI
https://<server>:<port>/as/authorization.oauth2
URI for OSLC server authentication
OAuthAccessTokenURI
https://<server>:<port>/as/token.oauth2
URI for obtaining OAuth access token
Contact the PingFederate server administrator
OAuthRequestTokenURI
https://<server>:<port>/idp/SSO.saml2
URI for obtaining OAuth request token
Contact the PingFederate server administrator
OAuthAccessTokenValidatorURI
https://<server>:<port>/as/token.oauth2?grant_type=urn:pingidentity.com:oauth2:grant_type:validate_bearer
Contact the PingFederate server administrator
DomainPrefix
PingFederate may not return a User Domain Prefix - use this to prefix a <DomainName>\<UserName> to Users returned by SSO Token
ClientID
Contact the PingFederate server administrator
Secret
Contact the PingFederate server administrator