IDEA
Single Sign-On for
Windchill PLM provides simplified access using Integrated Windows
Authentication and SAML based web browser exchanges. It is First to Market to integrate
PingFederate WS-Federation with Windchill PLM. Single Sign-On provides highly
secure user authentication with seamless switch between different applications
and reduced IT administration costs.
|
|
|
CLIENT
|
 |
|
It is diversified health and Well-being Company, focused on improving
people’s lives through meaningful innovation in the areas of Healthcare,
Consumer Lifestyle and Lighting. It is listed in Fortune 500 company which
sales and services in more than 100 countries
|
|
|
 |
|
|
|
|
BUSINESS
SITUATION
|
 |
|
Client wanted to standardize on authentication to applications using
industry standards for achieving single sign on (SSO) for Windchill PLM. This
included building a federation capability and removal of usage/storage of
user names and passwords in Windchill.
|
|
|
 |
|
|
|
|
HOW
WE HELPED
|
 |
|
The highlights of this
solution being,
·
Recommended Shibboleth as SAML based
middleware between Apache and PingFederate since Windchill uses Apache for
the authentication.
·
Configured PingFederate 7.1.3 as Identity
Provider (IdP) and Shibboleth as Service Provider (SP).
·
Shibboleth-Apache integration for Windchill
PLM authentication.
·
Arcot AOK integration for internet based user
authentication requests.
·
Form based authentication for non-person user
IDs especially since the required solution was Integrated Windows Authentication.
·
Advanced Configurations for specific Windchill
modules :
PTC Workgroup Manager
Windchill Product Analytics.
Desktop Integration(DTI)
PTC System Monitor
·
Developed a solution for integration of IBM
Cognos and Windchill PLM with Amazon Cloud, SSL, SSO, and Reverse Proxy.
·
Deployed SSO Solution on reverse proxy Apache
for bi-layered security.
·
Corporate LDAP integration for additional
enterprise-wide user attributes like Digital Signatures for Change Tasks.
 |
|
|
|
|
|
|
 |
BUSINESS
IMPACT
|
|
|
|
PTC's Windchill PLM SSO Solution
resulted in various key benefits such as:
First to Market - Windchill PLM SSO Solution team delivered challenging goal of
client to integrate PTC’s Windchill PLM enterprise application with Ping
Federate using Shibboleth SAML-based Middleware.
Productivity Boost - We helped client users to move between services securely and
uninterrupted without specifying their credentials each time. Having to
remember and key-in only one password significantly cuts down login time and
reduces the chances of a failed login. Thus, SSO can enable users to buckle
down to work right away.
Secured Windchill over Internet - The users’ credentials are provided directly to the central SSO server,
not the actual service that the user is trying to access, and therefore the
credentials cannot be cached by the service.
The central authentication point – Implemented SSO service –
limits the possibility of phishing.
Windchill Administration Cost Reduction - Windchill administrators can
save their time and resources by utilizing the central web access management
service. Also SSO will allow users to remember just one password, reduce the
chances of forgotten passwords, and consequently bring down Help Desk costs.
Disclosure: I’m responsible for Infrastructure Solutions as service.
|
