Administering the Authentication Process
The Windchill architecture is designed to rely on Web server authentication to provide authenticated user names. Therefore, access controls maintained on the Web server determine access privileges to an authenticated Windchill URL or SysAdm URL based on a user name and password obtained by the Web browser.
1. Authenticated user names are Web server user names.
2. Windchill's authenticated HTTP gateway (defined by the wt.httpgw.url.authenticated property in the Windchillwt.properties file) must be subject to access control by the Web server, allowing only authenticated users to access it.
3. On the Web server, the Windchill HTTP gateway URLs must be aliased to the provided Windchill gateway servlet implementations.
|
The HTTP authentication implementation is described in more detail in the Basic Customization and Advanced Customization areas of the Windchill Help Center.
|
Windchill uses its internal access controls to limit information access based on the user identity established by authentication.
|
In the wt.properties file, the property wt.auth.toLowerCase is set to true by default, which forces authentication IDs to become lowercase. Therefore, you should not rely upon case to distinguish user names, unless you have changed the value of this property to false.
|
See the “Basic Customization” and “Advanced Customization” areas of the Windchill Help Center for information about customizing the Windchill authentication mechanism.
The installation process sets the
LDAP Connection option that relates to anonymous access. For additional information on this option, see
Entering Your LDAP Settings.