OAuth2-Based Authentication for Publishing Workers on SSO-Enabled Windchill Servers
Windchill 13.1.3.0
Description
Starting with Windchill 13.1.3.0, Creo View Adapter 12.1, and Creo Parametric 12.4.2, Windchill has introduced support for OAuth2 Client Credential Grant authentication for publishing workers. This capability is designed for Single Sign-On (SSO) configured Windchill servers and replaces the legacy IP-based trusted host authentication model. Publishing workers now authenticate via Windchill’s Authorization Service, using securely stored client credential grants to register and communicate with the server.
This release supports OAuth2-based service authentication for:
• Creo View Adapter for Creo Parametric
• Creo View Client-based workers such as Clash and Batch Print.
Each worker client securely stores its own credential grant, ensuring isolated and protected authentication. Currently, PingFederate is the only supported Central Authorization Server for client credential grant flows. Support for other providers like Azure AD / Entra ID is planned for a future release.
Additionally, a future release of Creo View Adapter and Windchill Workgroup Manager will extend OAuth2-based service authentication to:
• Third-party CAD applications: NX, SolidWorks, Inventor, CATIA V5
• Second-party CAD applications: Creo Elements/Direct Modeling & Drafting
Following are some of the benefits of the authentication:
• Stronger Security: Replaces static IP trust with token-based authentication.
• SSO Integration: Seamlessly aligns with enterprise SSO configurations.
• Credential Isolation: Each worker securely stores its own credential grant.
Related Information
For details, see the following sections: