User Authentication
Windchill leverages the user authentication capabilities of the web server to take advantage of the improving authentication standards being built into web browsers and servers. These include HTTP 1.0 Basic authentication, HTTP 1.1 Message Digest authentication, Digital Certificates, Windows/NT Challenge-Response authentication, and more. Because Windchill is Web-centric, it is important to rely on the server's user authentication rather than become a hole in that security by using an obsolete authentication scheme that is not integrated with the customer's environment. For example, a site using web servers that support LDAP-based, centralized user and access management is automatically integrated with Windchill for user authentication and does not need to maintain a second set of user preferences.
Integration is achieved by configuring a protected instance of the Windchill HTTP gateway. Java applets send a session login request to this URL. The web server does not allow access until the user satisfies the server's user authentication requirements. Normally this involves the server returning an unauthorized response to the client browser that identifies the authentication scheme required. The browser then reacts by resending the request with the appropriate authentication headers, possibly after prompting the user for a password.
Essentially, Windchill is not involved until the web browser and web server have securely established the user's identity. Only then does it receive the session login request along with the authenticated user identity.
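The challenge-and-resend exchange described above can be traced in a small in-process model. This is an added example, not Windchill or PTC code: the account store, the realm name and the function names are all hypothetical, and HTTP Basic is used only because it is the simplest of the schemes listed.

```python
import base64
import hmac

# Constructed sample account store held by the web server (not Windchill data).
USERS = {"alice": "correct horse"}
REALM = "Example Realm"  # hypothetical realm name

def application(remote_user):
    """Stands in for the application behind the protected gateway: it only
    ever receives an identity the web server has already verified."""
    return f"session opened for {remote_user}"

def web_server(headers):
    """Front-end server guarding the gateway URL. Returns (status, headers, body)."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return 401, challenge, ""      # no credentials: name the required scheme
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:
        return 401, challenge, ""      # malformed header counts as unauthenticated
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time compare; unknown users still go through the comparison.
    matches = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not matches:
        return 401, challenge, ""
    return 200, {}, application(user)  # only the identity is passed on, not the password

def browser_login(user, password):
    """Client side: send the request, react to the 401 challenge, resend."""
    trace = []
    status, resp_headers, body = web_server({})
    trace.append(status)
    if status == 401 and resp_headers["WWW-Authenticate"].lower().startswith("basic"):
        # Basic credentials are only base64-encoded, so a real deployment needs TLS.
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        status, resp_headers, body = web_server({"Authorization": f"Basic {token}"})
        trace.append(status)
    return trace, body

if __name__ == "__main__":
    print(browser_login("alice", "correct horse"))
    print(browser_login("alice", "wrong"))
```
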
For more information about authentication and to customize authentication methods, see the customization information located in the Basic Customization and Advanced Customization areas of the Windchill Help Center.