Configuring Windchill Risk and Reliability Web Services for Single Sign-on
These settings are applicable for Windchill Risk and Reliability Data Engine APIs and REST services.
 |
For details about Windchill integration with SSO, see Windchill OAuth 2.0 Client Credentials Grant Configuration.
|
Creating OAuth Client Connection for Windchill Risk and Reliability
Windchill Risk and Reliability connects to a PingFederate OAuth client to verify the authenticity of the access tokens it receives from the application used to access Windchill Risk and Reliability Web Services. To create this OAuth client, complete the following steps:
1. Go to > > , click Add Client.
2. Enter a CLIENT ID. Make a note of this value, it will be needed when configuring the appsettings.config file.
3. In CLIENT AUTHENTICATION, select CLIENT SECRET radio button.
4. Select CHANGE SECRET checkbox.
5. Enter a CLIENT SECRET. Make a note of this value, it will be needed when configuring the appsettings.config file.
6. In the NAME field, enter a descriptive value. This is displayed in the PingFederate Clients list.
7. Enter a DESCRIPTION.
8. In the ALLOWED GRANT TYPES section, select Access Token Validation (Client is a Resource Server), Refresh Token, and Authorization Code.
9. Use the default settings for the remaining fields.
10. Click Save
Registering Scope for Windchill Risk and Reliability
1. Go to > > , in the Scope Value, enter WRR_READ.
2. In the Scope Description, enter a description for the scope.
3. Click Add
4. Click Save
Authorization server settings
1. Go to > > , in the PASSWORD CREDENTIAL VALIDATOR, select the specific validator created for the LDAP server. To know more about creating a validator, see Create and configure IdP adapter.
2. In the REQUIRED SCOPE, select WRR_READ.
3. Click Save