
smart card with login

Solution Partner Experimenter

Hello

 

Software version:

Windows Server 2008 R2 Datacenter

Teamcenter 11.3

JRE1.8

 

Scenarios:

We would like to implement two-factor authentication when users log on to Teamcenter.

We expect the user to fill in the User ID and password, and then use a smart card as the second authentication.

 

So far, we know that Kerberos, SSO, and Security Service might be involved; however, we have encountered some questions. Can somebody help us?

 

Q1

Is the scenario I mentioned feasible? Has anyone succeeded? If it is, may I request some instructions or suggestions to implement it? We would be grateful if a structure diagram were attached.

 

Q2

We found a reader on your website (https://goo.gl/wZFeHv). Is using Siemens's reader necessary? And how does Teamcenter connect to the reader: by setting some mechanism in Teamcenter, or through an API?

 

Q3

(i) If I want to install Teamcenter Security Service, what is the difference between method A and method B?

Method A: Follow the step-by-step guide of TSS00001 Teamcenter 11.3 Security Services Installation/Customization.

Method B: Use Teamcenter Environment Manager to install Teamcenter Security Service in the Server Enhancements feature.

 

(ii) A problem occurs when executing method B, TEM stops and won’t continue to process at command:

Executing ["bmide_generatetcplmxmlschema.bat" -u=infodba -pf=D:\Siemens\TC11\tcroot\security\config1_infodba.pwf -g=dba]”

Output from command: "bmide_generatetcplmxmlschema.bat" -u=infodba -pf=D:\Siemens\TC11\tcroot\security\config1_infodba.pwf -g=dba”

No error appears in the log file. Could you please help me with this problem?

 

Hope somebody can help us. Thank you very much!

3 REPLIES

Re: smart card with login

Solution Partner Phenom
I don't know of a way to implement two-factor authentication with Tc.

A reader is necessary if you want to authenticate using a smart card (Siemens Oil and Gas uses this method).

However, the easiest TcSS implementation is using Kerberos w/IIS redirector to Tomcat. Kerberos comes with Windows and transmits security credentials securely. It's tied to Active Directory/LDAP for the OS login user, so if you trust users to log into the OS then you can trust them to log in using the same credentials for Tc.

For bmide_generatetcplmxmlschema, look in TC_ROOT\logs directory for additional logs for this util.

Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4

Re: smart card with login

Solution Partner Experimenter

Hi @RandyEllsworth :


Thanks for your reply.

 

As you mentioned, the solution where the user fills out credentials and then inserts the smart card doesn't work. Your great advice is one of our options. However, our client prefers implementing smart card on Teamcenter directly. And there are some questions about Smart Card authentication that I would like to ask.

 

First, is it okay to briefly describe Siemens Oil and Gas's smart card authentication scenario? If not, is there any structure chart or flow chart that can help us understand more about how the whole smart card authentication works? (In TSS00001 Security Service Installation/Customization it only briefly describes what we should do to configure Smart Card authentication.)

Second, is it necessary to use Siemens's reader (https://goo.gl/wZFeHv), or can we just use another customized reader from another manufacturer? And how does Teamcenter interact with the reader? (By setting what mechanism in Teamcenter or by what API?)

 

I'd appreciate your information. Thanks.

Re: smart card with login

Solution Partner Phenom
Frankly, I don't know. Siemens Oil and Gas required that you use their hardware to access their network, and their hardware already had the reader built into the laptop. You insert your card to log in to the OS, and when you launched Tc then the credentials were read from the card. Maybe someone from Siemens can chime in?

Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4