Amministrazione avanzata > Supporto delle funzionalità di visualizzazione e pubblicazione > Advanced Publishing Configuration > Positioning Assembly Publishing > Configuring Worker with Client Credential Grant
Configuring Worker with Client Credential Grant
This section outlines topics specific to using Client Credential Grant (CCG) for worker publishing. This feature enables workers to authenticate using the client credential grant method. As worker publishing functions as a service to Windchill, client credential grant-based authentication is recommended.
1. Identify or configure a user to publish the content as a service. It is recommended to use a service principle for publishing purposes. Refer Windchill Service Principal to understand how to configure Windchill Service Principal. The selected user must have the rights to publish and access the content from all the contexts across the organization .
2. Generate the client credential grant for the user. For more information refer, Implementation of Client Credential Grant Type in PingFederate.
3. The OAuth client must obtain an access token by submitting a POST request to the authorization server's token endpoint. Note that the request body must have the application/x-www-form-urlencoded content type. Configure the worker with the following four parameters:
Parameter
Description
Access Token URL
The URL that references the identity server configured by the customer’s administrator. It should be a secure (https) URL.
Client ID
The client ID you generated in your CAS for this web application.
Client Secret
The client secret you entered in the CAS when configuring this web application.
Scope
Must be WINDCHILL_READ  when accessing Windchill or WRS.
Security Considerations
It is recommended that you configure a separate service principle for each worker for each client machine.
Other configuration properties specify the users to be used for a given client. In such cases, set the value for OAuth to the name of the service principal.
Known Limitations
The client credential grant does not support the upload to file server hook.
È stato utile?