Installation and Upgrade > Advanced Deployment Considerations > Authentication > Configuring an Alternative Authentication in Windchill
  
Configuring an Alternative Authentication in Windchill
Windchill relies on the javax.servlet.http.HttpServletRequest servlet APIs getRemoteUser() and getUserPrincipal() methods to identify the user ID that is authenticating against the server. To provide user identification:
For servlet-engine-based form-based authentication, the authentication is automatically handled.
For web server-based form-based authentication, the authentication is normally handled automatically by the web server setting the REMOTE_USER variable on the request.
Most alternative authentication schemes are capable of populating the REMOTE_USER variable with the authenticating user ID. If not, then you must ensure that the servlet APIs return the appropriate value, using a custom servlet filter to wrap the HttpServletRequest (if necessary). Be aware that if your code passes the user ID through a request header, you must ensure that the code does not accept this particular header from clients.
The following topics provide guidance on configuring these alternative authentication schemes.
HTTPS Client Authentication
Microsoft NTLM Authentication
Form-based Authentication
Security Assertion Markup Language (SAML) Authentication