Configure Windchill Risk and Reliability to enable the SAML authentication
To enable the SAML authentication, configure Windchill Risk and Reliability as described below:
1. Open both your appsettings.config files — one on the desktop installation directory and the other in the web installation directory.
2. Update the appsettings.config file as follows:
a. Add the following code to enable the SAML authentication and to verify the Windchill Risk and Reliability user from the data received from PingFederate. The values that you specify here depend on the mapping specified in the attribute-map.xml. In this procedure, since we mapped to UID, the code sample uses HTTP_UID.
<add key="SAMLUserSearchOrder" value=" Username=AUTH_USER;Fullname=HTTP_UID;Emailaddress=HTTP_UID;Company=HTTP_UID;Phonenumber=HTTP_UID;EmployeeID=HTTP_UID;"/>
b. Add the following code to enable single sign-on authentication in PTC Windchill for integration tasks:
<add key="WindchillConnectJSP" value="infoengine/jsp/connecter.jsp"/>
Specifies the location of the connector.jsp file that needs to be deployed into PTC Windchill.
c. Save the changes and close the appsettings.config file.
d. To retrieve data from Windchill Risk and Reliability we need to make changes at Windchill Risk and Reliability machine in shibboleth2.xml file located at C:\opt\shibboleth-sp\etc\shibboleth\shibboleth2.xml.
Add following entries in file as shown below:
3. Restart the Windchill Risk and Reliability and PTC Windchill services.
4. Restart the shibd_Default Shibboleth service.
5. Restart the Microsoft IIS web server.
On completing the required configuration, open Windchill Risk and Reliability desktop and it must direct you to the PingFederate login page.