Options for Re-Authentication Response
Re-authentication on Windchill side is required for actions at client side like approve, reject or analyze on client workflow activities that are configured to have e-signature. Re-authentication is supported for the following authentication types:
• Basic
• Form based
• Single sign on
 |
Windchill does not support CAC-PKI authentication.
|
Windchill authentication server authenticates the user depending on the authentication type configured and sends back the response to the client. Windchill provides option to either post the response message from Windchill to the caller window/window opener or send the message to the redirect URL configured at the client side.
Configurations at client side for Windchill re-authentication
Client is required to send Windchill request <Windchill_context_Url>/jwt/servlet/JWTTokenFormRendererServlet with following request parameters:
• JWTResponseOption—This is mandatory field and value must be either of the values mentioned below. If these values are not provided appropriately, error is seen at Windchill side.
◦ Redirect—If the value provided is Redirect then client must pass redirect_url as request parameter. redirect_url should be a valid client URL.
◦ PostMsgToCaller—If the value provided is PostMsgToCaller then client must pass JWTClientOrigin as request parameter. JWTClientOrigin should be a valid client origin URL. If the client request is sent from HTML window and client wants the back response to that window object, then client should send request parameter JWTResponseOption with PostMsgToCaller value.
Example of custom attribute delegate:
import java.util.List;
import java.util.Map;
import org.json.JSONException;
import wt.jwt.framework.JWTAttributeInfo;
import wt.jwt.framework.JWTAttributesDelegate;
import wt.util.WTException;
/**
* DemoJWTAttributeDelegate is class to get Demo attribute information.
*
*/
public class DemoJWTAttributeDelegate extends JWTAttributesDelegate {
/**
* @throws JSONException
*
*/
public List<JWTAttributeInfo>getAttributeInfo(Map<String, String[]> reqAttrInfoMap) throws WTException
{
List<JWTAttributeInfo> attrInfoLstFromFrameWork = super.getAttributeInfo(reqAttrInfoMap);
return attrInfoLstFromFrameWork;
}
import java.util.Map;
import org.json.JSONException;
import wt.jwt.framework.JWTAttributeInfo;
import wt.jwt.framework.JWTAttributesDelegate;
import wt.util.WTException;
/**
* DemoJWTAttributeDelegate is class to get Demo attribute information.
*
*/
public class DemoJWTAttributeDelegate extends JWTAttributesDelegate {
/**
* @throws JSONException
*
*/
public List<JWTAttributeInfo>getAttributeInfo(Map<String, String[]> reqAttrInfoMap) throws WTException
{
List<JWTAttributeInfo> attrInfoLstFromFrameWork = super.getAttributeInfo(reqAttrInfoMap);
return attrInfoLstFromFrameWork;
}
• Client can pass optional attributes as request parameters which will display in re-authentication windchill form. Client needs to create custom attribute delegate java file for whitelist validation, localization, and visibilities of this optional attributes.
• Configure the site.xconf file by specifying the URL of the external application such as ThingWorx or ThingWorx Navigate in the wt.idp.allowlisturls property.