cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

Toolkit based automated Windchill authentication for SSO (Single Sign On) via Shibboleth

AchimSchoen
11-Garnet
11-Garnet
‎Aug 09, 2023 02:44 PM
‎Aug 09, 2023 02:44 PM

Toolkit based automated Windchill authentication for SSO (Single Sign On) via Shibboleth

For an automated Windchill authentication Creo Toolkit provides the command ProBrowserAuthenticate to preset login and password information for subsequent Toolkit calls which require authentication and authorization like ProServerWorkspacesCollect, ProServerObjectsCheckin, etc.

 

At the moment many companies are moving from password based access to SSO (single-sign-on) by Shibboleth and therefor the old approach does not work anymore.

 

Is there any workflow existing to provide the credentials from SSO by the Toolkit API?

 

 

 

 

Labels:
0 Kudos
Notify Moderator
8 REPLIES 8
syalagudri
12-Amethyst
12-Amethyst
(To:AchimSchoen)
‎Aug 10, 2023 01:08 AM
‎Aug 10, 2023 01:08 AM

I was also looking for such API but PTC does not support this as of now. 

You can use APP ID and allow basic auth for that app id in Windchill. This is a kind of workaround and may be the best solution.

 

Thanks,

Suresh 

0 Kudos
Notify Moderator
AchimSchoen
11-Garnet
11-Garnet
(To:syalagudri)
‎Aug 10, 2023 11:23 AM
‎Aug 10, 2023 11:23 AM

I was wondering how PTC solves this for a Toolkit application running as CAD worker. In this case this information has to be provided to the xtop.exe process somehow. Either somewhere in %appdata%/PTC, as environment variable, as runtime argument for xtop.exe etc.

0 Kudos
Notify Moderator
syalagudri
12-Amethyst
12-Amethyst
(To:AchimSchoen)
‎Aug 10, 2023 12:37 PM
‎Aug 10, 2023 12:37 PM

CAD- Workers still work with basic auth.

 

PTC should provide an API which take auth token as input.

 

or Should take token and other url's do the authentication. This is available today in other CAD tools

0 Kudos
Notify Moderator
RPN
17-Peridot
17-Peridot
(To:AchimSchoen)
‎Sep 16, 2023 07:47 AM
‎Sep 16, 2023 07:47 AM

Personally I don’t believe that there is a Check In/Check Out for a Worker, are you sure about?

 

0 Kudos
Notify Moderator
RPN
17-Peridot
17-Peridot
(To:AchimSchoen)
‎Aug 10, 2023 08:58 AM
‎Aug 10, 2023 08:58 AM

I think the easiest solution is to read the user from the system, probably not from the environment 😅. And my assumption in that case would be, you have to configure this in Windchill. Because you don’t need this dialogue any longer. 

On the other hand, using other specific user require special attention. 

And if this is turned on, Creo or the Browser must provide the ID, now you need tools to extract the username for validation 😇

0 Kudos
Notify Moderator
AchimSchoen
11-Garnet
11-Garnet
(To:RPN)
‎Aug 10, 2023 11:20 AM
‎Aug 10, 2023 11:20 AM

Actually the workflow is the following that you have to authenticate yourself against the SSO system and this provides you a token (or for Shibboleth a cookie) and you have to send this token instead of the basic authorization information. ProBrowserAuthenticate allows to set the login/password information for a basic auth, but not for sending a specific token.

0 Kudos
Notify Moderator
Eike_Hauptmann
13-Aquamarine
13-Aquamarine
(To:AchimSchoen)
‎Sep 12, 2023 07:24 AM
‎Sep 12, 2023 07:24 AM

I thought about to open the browser to the specific site from the WT Server.

 

As far as I know it use the same cookie space so you should be authenticated afterwards.

 

We have a similar problem on the other site if we want to call REST API requests. So we add a alternative route to the REST API to call it without SSO atm.

PTC has currently no solution for this (like an API token ...).

 

Br,

Eike

0 Kudos
Notify Moderator
AchimSchoen
11-Garnet
11-Garnet
(To:Eike_Hauptmann)
‎Sep 12, 2023 09:00 AM
‎Sep 12, 2023 09:00 AM

Hello Eike,

 

thanks for the feedback. For calling REST API we have a similar solution which requires the user to do the authentication once and we store in case of OAuth2 bearer and refresh token encrypted to registry to reuse this information in subsequent REST calls.

 

In this case I'm searching for a solution for the Toolkit API Windchill functions to use them in a Creo session which is launched without user interaction.

 

Thanks,

    Achim

0 Kudos
Notify Moderator
Top Tags