Server-side Authentication for UI Managers, Basics
When using the server-side authentication for UI managers the user has to authenticate himself to the User Interface via the HTTP server. Communication between the user interface and the WinCC OA core (Data manager / Event manager) is only possible if the login credentials are verified by the HTTP server and clearance is ensured via a user interface specific token.
Server-side authentication for UI managers provides increased security by preventing access of unauthorized UI clients.
The server-side authentication for UI managers only authenticates the UI manager. For the authentication of all managers, see chapter Server-side Authentication for Managers - Basics.
Session Binding
Session binding reduces the risk of manipulated messages and unauthorized access to a WinCC OA system. The communication security is increased since the access of unauthorized managers is prevented. In Session Binding the WinCC OA user name is part of a certificate. Read in chapter Panel for SSL Certificates of how to create a certificate with a user name.
Session Binding is activated via the server-side authentication for UI managers. When an Access Control Plug-in of ETM is loaded, the Session Binding is automatically active and cannot be deactivated. By default (standard project) the session binding is deactivated. You can activate it irrespective of the Access Control Plug-in by using the config entry serverSideAuthentication=1 in the [general] section.
Chapter Overview
| Chapter | Description |
|---|---|
| Server-side Authentication for UI Managers: | |
| Requirements and Installation | How-to configure the server-side authentication for UI managers. |
| Notes and Restrictions | Notes and restrictions for the usage of the server-side authentication for UI managers. |
| Server-side Authentication for Managers: | |
| Server-side Authentication for Managers - Basics | Overview of the server-side authentication for managers. |
| Requirements and Installation | How to configure the server-side authentication for managers. |
| Panel for SSL Certificates | How to create SSL Certificates via a panel. |
| Example Configuration - SSA for Managers | A complete example configuration for the server-side authentication of managers. |
| Example of Config Entries -SSA for Managers | In the server-side authentication for managers the managers use SSL certificates for the authentication. Description of which config entries are needed for the authentication. |
| Error Behavior | Error messages for the server-side authentication of managers. |
