Authorization support for Windchill Risk and Reliability REST Services
Windchill Risk and Reliability REST Services supports three types of authorization:
• Basic Auth
• OAuth 2.0
Using OAuth 2.0 to Single Sign-On in Windchill Risk and Reliability REST Services
Prerequisite
To enable Single Sign-On for Windchill Risk and Reliability REST Services,
◦ In appsettings.config file, add the following key-value pairs.
<add key="checkTokenEndpointUrl" value="<<The PingFederate OAuth token validation URL>>"/>
<add key="Client_Id" value="<<The CLIENT ID configured in PingFederate>>"/>
<add key="Scope" value="WRR_READ"/>
Example:
<add key="checkTokenEndpointUrl" value="https://server1.ptcnet.ptc.com:9031/as/introspect.oauth2?grant_type=urn:pingidentity.com:oauth2:grant_type:validate_bearer"/>
<add key="Client_Id" value="wrr-client-id"/>
<add key="Scope" value="WRR_READ"/>
◦ As an Administrator, open a command prompt and navigate to the Windchill Risk and Reliability directory. Then run the following command:
RiskAndReliability.KeyManager.exe --set Client_Secret="<THE_CLIENT_SECRET>"
where,
<THE_CLIENT_SECRET> - The OAuth client secret from the OAuth client provider.
◦ After setting a new secret, IIS needs to be restarted.
To use Single Sign-On for Windchill Risk and Reliability REST Services, do the following:
1. In the application used to access Windchill Risk and Reliability REST Services, under the Authorization header:
a. Select Type as OAuth 2.0.
b. Click Get New Access Token.
2. In the Sign On window, enter your USERNAME and PASSWORD.
3. Click Sign On.
4. In the Request for Approval window, select WRR SCOPE and click Allow.
5. A token is generated and can be used for authorization. This token is used as bearer token in the Headers.
 | If the user is part of multiple groups, enter the GroupName parameter in the Headers. |