Installation and Upgrade > Installation and Configuration Guide > Advanced Configurations > Configuring HTTP Server and Embedded Servlet Engine With Other Options > Specifying Web Server Authentication
  
Specifying Web Server Authentication
PTC has provided several methods (Ant scripts) to improve and simplify the configuration of the HTTP Server for Windchill. A commonly used script is the webAppConfig.xml Ant script. For example, it is used by the installers (along with config.xml) to perform the configuration of HTTP Server’s management of the Windchill Web application. Other webAppConfig.xml uses include:
Manages the generation (and regeneration) of the app-<Web application>-Auth.conf and app-<Web application>.conf files. These files contain the authentication parameters for the Windchill products. They are reproduced in their entirety each time an update occurs, thus, manual changes applied to the files are lost.
Ensures that the Web application settings that apply to the Windchill system are applied to all the entries in the app-<Web application>-Auth.conf file.
During the update, the webAppConfig.xml script retains the existing data in the file while it applies the new changes saving you the effort of entering the data that already exists.
The following sub-sections provide instructions to implement various Windchill authentication strategies using the webAppConfig.xml Ant script.
Specifying a Resource (URL) to Authenticate
By default, Windchill does not configure HTTP Server to require authentication of the Windchill URLs. Windchill does not require authentication. To specify that a given directory, file, or servlet (and URL within the Windchill Web application), be authenticated by HTTP Server, you can execute the following command to set authentication for Windchill. The command must be run from the HTTP Server root directory and the command string must be entered on one line:
ant -f webAppConfig.xml addAuthResource
-DappName=<Web application name)
-Dresource=<relative URL of resource to authenticate>
Where <Web application name> is the Web name you assigned to Windchill and where <relative URL of resource to authenticate> is the relative path from the Web application to the resource to authenticate, for example, the section for the URL after http[s]://hostname:port/.../<Web application name>/... The <relative URL of resource to authenticate> can be a directory, for example, wtcore/jsp, in which case it applies to everything in that directory, or a particular file, for example, foo/info.html.
For example, to require authentication to access the IE servlet in an installation where the Web application name is MyInfoEngine, the command would look like:
ant -f webAppConfig.xml addAuthResource -DappName=MyInfoEngine
-Dresource=servlet/IE
LDAP Configuration
Multiple LDAP URLs can be defined for authentication. HTTP Server uses named authentication providers for each LDAP URL. By default, the providers are [WebAppName]-EnterpriseLdap and [WebAppName]-AdministrativeLdap. When a provider name is specified, "[WebAppName]-" is automatically pre-pended to the provider name in the Apache configuration.
Specifying an LDAP URL for Authentication
To specify an LDAP URL to use as the basis of authentication from HTTP Server, issue the following command. The command string must be entered on one line:
HTTP Server
ant -f webAppConfig.xml addAuthProvider -DappName=<Web application name> -DproviderName=<LDAP provider Name> -DldapUrl=<LDAP URL>
This command can be used to add additional LDAP URLs for authentication.
To add users to the LDAP, consult Managing a Windchill Directory Server.
Specifying a Bind DN for the LDAP URL
To specify a bind DN and password through which the LDAP URL should be accessed, for example, when the LDAP does not allow anonymous bind access, then issue the following command. The command string must be entered on one line:
HTTP Server
ant -f webAppConfig.xml addAuthProvider
-DappName=<Web application name>
-DldapUrl=<ldap Url>
-DproviderName=<LDAP provider name that needs bind credentials>
-DbindDn=<bindDN> -DbindPwd=<bindPassword>
Configure Authentication Realm Name
The authentication realm name appears in the authentication name and password log in dialog window. The default value is Windchill. To change this value, the variable must be manually configured.
To change the realm name, the ant command is executed from the command line. The command must be run from the HTTP Server root directory:
ant -f webAppConfig.xml regenWebAppConf -DappName=<your Web
application name
> -DauthRealm=<your realm name>
Where <your Web application name> is the Web application name you assigned, for example, Windchill. Where <your realm name> is a value of your choice.