Using Windchill Integration for Software Build Tools with Certificate-Based Authentication
You can configure the web service for Software Build Tools to work with certificate-based authentication. This configuration allows access to the web service through a certificate exchange. However, this configuration must be done with considerations to security as it does not restrict access. After configuring the web service, you can activate it using a Windchill user name. That is, any valid user name can be used for authentication without providing a password. The certificate replaces the password. Hence this configuration must be done with utmost considerations to security as it does not restrict access to any specific user.
Configuring for Certificate-Based Authentication
An administrator can configure the web service for Software Build Tools using the SAML security policy using the following procedure:
1. Create the keystores and truststores files using the instructions given in the section “Truststores and Keystores” in the Help topic “Understanding the Security Requirements” in the Windchill Help Center.
* 
The jws-stores.xml build script can generate client or server keystore and truststore pairs for use by Info*Engine Web service. You can use the jws-stores.xml build script as a sample to generate truststores and keystores for your web services and clients with your own certificates.
2. Redeploy the web service into the Windchill server as follows:
cd <your local view root>\Rialto\modules\RBMWebServiceCore\src
ant -f %WT_HOME%/bin/adminTools/WebServices/build.xml -Dservlet.name=RBMWSCoreService -Dtype.id=com.ptc.rialto.RBMWSCoreService -Dsecurity.policy=samlsv generate
* 
SAML is not an appropriate security policy to use in case you have installed the Software Build Tools client on your desktop.
For a valid configuration, you need a security.properties file for the server. The default file typically resides at %WT_HOME%\Windchill\bin\adminTools\WebServices. To use another file, override it by adding -Dsecurity.properties.file= to the ant command.
* 
Specify the absolute path for %WT_HOME%.
The security.properties file resides at %WT_HOME%\Windchill\bin\adminTools\WebServices only if you have created it using the jws-stores.xml script.
The security.properties file must contain paths to the keystores and truststores files for the server, a password, and the certificate name. Also, the handler.config line in the file must indicate the SAML handler.
3. Disable the authentication protection for the web server basic by removing RBM-specific entries from the Apache conf files. To do so, edit the app-Windchill-Auth.conf and the app-Windchill-AuthRes.xml files at ${APACHE_HOME}/conf/extra.
4. Start the Windchill server and reconfigure the client JAR file to use the SAML security policy as follows:
cd %WT_HOME%\Windchill\codebase\client\jws
java -jar webservices-support.jar -clientJar %WT_HOME%\Windchill\codebase\client\jws\RBMWebServiceCore.jar -securityProperties <path to> security.properties
5. Activate the web service for Software Build Tools by providing a standard Windchill user name and the regular command parameters.
For more information on setting up the security policy, see related documentation in the Windchill Help Center.
Example of a security.properties File
com.ptc.jws.client.keystore.file=%WT_HOME%/Windchill/prog_examples/jws/stores/client-keystore.jks

com.ptc.jws.client.keystore.password=changeit

com.ptc.jws.client.keystore.alias=ws-client

com.ptc.jws.client.truststore.file=%WT_HOME%/Windchill/prog_examples/jws/stores/client-truststore.jks

com.ptc.jws.client.truststore.password=changeit

com.ptc.jws.client.truststore.peeralias=<host name, if the jws-stores.xml was used to create the keystore>

handler.config=samlHandler:com.ptc.jws.client.handler.SamlCallbackHandler
Was this helpful?