
SSO 4 tier environment

Genius

Hi

 

I would like to get SSO enabled for our site, i.e. enabled so users don't need to type in a username and password when they start the Rich client.

What are the steps I need to take to enable it when we have a 4 tier client environment?

 

In TEM I can see the recommended port setting is 7001 (Login and Service url). Today we use 8080. Shall I go back to 7001?

 

I have seen a simple solution from Stefan Pendle in Password-Expiration

This I tried in our 4 tier but I was not able to get it to work as there is no teamcenter.ini when using OTW. I added the settings in otwportal.bat like this:

 

start Teamcenter.exe %* -vm "%JRE_HOME%\bin\javaw.exe" -nl en_US -Dautologin.user= -Dautologin.pass= -vmargs -Xmx%VM_XMX% -XX:MaxPermSize=128m -Xbootclasspath/a:"%JRE_HOME%\lib\plugin.jar";"%JRE_HOME%\lib\deploy.jar";"%JRE_HOME%\lib\javaws.jar"

 

When I added it to a 2 tier it seems to work but I still needed to click on Login button and after that Rich client launched. (Username and password field were cleared in the dialog.)

 

We also have Catia, Autodesk and SolidWorks integrations. Will they be supported for the SSO as well if we enable it for the Rich Client?

Catia I think so, as there we needed to enter the credentials twice, where the second was for the racless connection.

 

If someone can guide me into the SSO jungle it would be much appreciated.

16 REPLIES

Re: SSO 4 tier environment

Valued Contributor

Hi, could you explain more: how is the SSO configured in your environment? What loginservice are you using?

 

Regards,

Chene

Re: SSO 4 tier environment

Genius

I try to give some additional info, we don't have SSO enabled for Teamcenter.

As we have Microsoft Active Directory I have a thought of using an LDAP sync. That is as far as I have come and I got confused when reading the Security Service help pages.

So I would like to know the steps we need to take to just get it working for our 4 tier clients. (We only use 4 tier clients at the moment.)

 

 

Re: SSO 4 tier environment

Valued Contributor

You might need an LDAP sync to use the client certificate to authenticate the login user. It doesn't matter if only 4 tier RAC, thin client or 2 tier. The Teamcenter loginservice should be configured according to gateway field type and field name.

Re: SSO 4 tier environment

Solution Partner Creator

Hi, you need three JBOSS services: Security and Login, JBOSS service for WebApp and IIS service for Windows authentication. Use JBOSS 5.1 for Security / Login services and JBOSS 7.1 for WebApp service. IIS service will be used as ISAPI filtered AJP protocol connector for Windows authentication. Does this help you in any way?

Re: SSO 4 tier environment

Genius

Hi

 

Is it a prerequisite to use JBOSS? We have IIS as standard so couldn't I use that for all these three services?

 

Do you have these services running on the same server as the 4 tier Manager Service?

We have one application server (2012R2) where I run all services and TC is connected to a separate db cluster (MS SQL 2008).

 

Currently we use port 8080 for our 4 tier connections. I have seen TC as standard proposes 7001.

Is there any specific reason for specifying port 7001, or did they just take one? This might be more of a general question out of the SSO discussion.

 

 

 

Re: SSO 4 tier environment

Solution Partner Creator

Yes, you have to use JBOSS for security services. Port 7001 is only used as an example, I think. Also you have to use an AJP connector for JBOSS and IIS communication.

Re: SSO 4 tier environment

Solution Partner Phenom

Different web applications have different default ports. For instance, the default http port for JBoss is 8080. The default http port for WebLogic is 7001. Siemens development liked to use WebLogic which made it into their documentation. Just know that it is not a recommended port number (or a recommendation on which WAS to use) but only an example written that shows the default http port number.

  • Default port for HTTP is 80 so JBoss uses 8080 (WebLogic uses 7001)
  • Default port for HTTPS is 443 so JBoss uses 8443

You get the idea.


Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11.0.1.mp01 | SW 2016 | TcUA 11.2.3
Evaluating:AW 3.2

Re: SSO 4 tier environment

Solution Partner Phenom

SSO is a J2EE web application and must be run on a J2EE web application server (WAS). IIS is .NET which is a different software stack. Supported J2EE WAS are JBoss, WebLogic or WebSphere. You can google "j2ee  vs .net" to see a bit of the history, the battle was hot in 2001.


Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11.0.1.mp01 | SW 2016 | TcUA 11.2.3
Evaluating:AW 3.2

Re: SSO 4 tier environment

Genius

OK, so it was not as simple an implementation as I wanted.

Will check how I can implement the JBOSS and if it's possible to run IIS and JBOSS on the same server.

 

Can we go back to the simplified solution Stefan Pendl had? I could only get it to work in the 2 tier environment.

I set it like this in our otwportal.bat file:

start Teamcenter.exe %* -vm "%JRE_HOME%\bin\javaw.exe" -nl en_US -Dautologin.user= -Dautologin.pass= -vmargs -Xmx%VM_XMX% -XX:MaxPermSize=128m -Xbootclasspath/a:"%JRE_HOME%\lib\plugin.jar";"%JRE_HOME%\lib\deploy.jar";"%JRE_HOME%\lib\javaws.jar"

 

In the portal_user.properties I set:

enableAutologin=true

 

Should it be set in a different way when using 4tier as it seems not to honour the setting when I launch the Rich client?

As I see it, it should do that in the same way as we have added -nl en_US to get rid of the error message our non-English users get.
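
An added example, not part of the thread and not Siemens code: when the -Dautologin.user and -Dautologin.pass properties from the launcher line above are filled in, the credentials sit in clear text in the batch file and on the Teamcenter.exe command line, so this check finds launcher scripts where they are populated. The sample batch content, EXAMPLE_USER, "EXAMPLE PASS" and the TC_PASS variable are constructed placeholders.

```python
import re

# Property names taken from the launcher line quoted in the thread.
CREDENTIAL_PROPS = {"autologin.user", "autologin.pass"}

# -Dname=value, where value is a quoted string or a run of non-space characters.
PROP_RE = re.compile(r'-D(?P<name>[\w.]+)=(?P<value>"[^"]*"|\S*)')
COMMENT_RE = re.compile(r'^\s*(rem\b|::)', re.IGNORECASE)
ENV_REF_RE = re.compile(r'^%[^%]+%$')


def audit_launcher(text):
    """Return (line_no, property, kind) for every populated credential property.

    kind is "hardcoded" for a literal value and "env-reference" for %VAR%.
    The value itself is never returned, so the report is safe to store.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if COMMENT_RE.match(line):
            continue  # commented-out launcher lines are not executed
        for match in PROP_RE.finditer(line):
            name = match.group("name").lower()
            value = match.group("value").strip('"')
            if name not in CREDENTIAL_PROPS or not value:
                continue  # unrelated property, or left empty as in the thread
            kind = "env-reference" if ENV_REF_RE.match(value) else "hardcoded"
            findings.append((line_no, name, kind))
    return findings


# Constructed sample: the thread's launcher shape with placeholder values.
SAMPLE_BAT = r'''@echo off
rem start Teamcenter.exe -Dautologin.user=olduser -Dautologin.pass=oldpass
start Teamcenter.exe %* -vm "%JRE_HOME%\bin\javaw.exe" -nl en_US -Dautologin.user=EXAMPLE_USER -Dautologin.pass="EXAMPLE PASS" -vmargs -Xmx%VM_XMX%
start Teamcenter.exe %* -nl en_US -Dautologin.user= -Dautologin.pass=%TC_PASS% -vmargs -Xmx%VM_XMX%
'''

if __name__ == "__main__":
    for line_no, name, kind in audit_launcher(SAMPLE_BAT):
        print(f"line {line_no}: {name} is {kind}")
```

Run it over every copy of otwportal.bat that is distributed to clients; an "env-reference" finding still means the password reaches the process command line at launch.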