Configuration

Default Configuration

Create a new project (optional)
Add a Control manager to the project which starts the webclient_http.ctl script.
Define the start panel by using the config entry [httpServer] uiArguments. e.g. uiArguments="-p myPanel.pnl" (optional, can also be set by using the URL parameter "panel")
Start the project
Open the web address of the ULC UX under http://<MyWebServerAddress>:<port>/data/ulc/start.html (Default port Windows: http=80 / https=443; Default port Linux: http=8080 / https=8079), e.g. https://localhost/data/ulc/start.html

CAUTION:

The URL parameter "?panel" is deactivated by default and must be explicitly activated by using the config entry [httpServer] allowPanelParam

Note:

As it may happen that other applications already block the default port of the web server it should be checked if the ports were successfully opened. A corresponding message (see below) can be found inside of the log viewer. If these messages are not displayed within the log it might be necessary to change the used ports using the config entries [webClient] httpPort and [webClient] httpsPort.

http, Server hört auf Port http:// - 80
http, Server hört auf Port https:// - 443

Additional Configuration

Following additional (optional) settings can be made for the ULC UX:

WinCC OA web server specific settings can be made. Information can be found under HTTP Server, basics
For changing the used ports the config entries [webClient] httpPort and [webClient] httpsPort can be used.
Depending on the complexity of the project and the number of clients multiple remote web servers can be used. Use the [httpServer] loadBalance config entry to configure the web server load balancing.
The starting page of the web server can be set by using the [httpServer] indexPage config entry.
When using a redundant WinCC OA project the web server control manager must be started with the parameter "-connectToRedundantHosts".
By defining a panel topology user specific start panels can be set.
Various UI Manager options can be set with the config entry [httpServer] uiArguments.
The amount of times the ULC UX tries to reconnect to the webserver(s) can be set via the config entry [ulcUX] reconnectCount

Further configuration settings can be found under Possible Config Entries [httpServer].

HTTP server authentication

In order to use the HTTP server authentication, add the [webClient] httpAuth=1 config entry to the webClient section of the config file and enable the httpLogin in the WinCC_OA_Proj/config/config.http file. Copy the config.http file first from wincc_oa_path/config to WinCC_OA_Proj/config.

If you use the HTTP server authentication, a login dialog (HTML5 page) is shown:

Figure 1. HTTP server authentication login dialog

Configuration of a remote web server for the ULC UX

If the remote web server has access to the project data of the user interface (panels, scripts, color databases). e.g.

a local copy of all project data
via one or more "proj_path" entries that refer to the server and to the corresponding project directories

you can set the following config entry on the web client:

[httpServer]
uiUsesMainServerAsFileServer = 0

If the entry was not set, you have to start the web server (script webclient_http.ctl) also on the server so that the ULC UX-UI (that is started on the remote client computer) can copy the files from the server into the local cache directory. For an architecture figure of a remote configuration, see figure Multi System Architecture in the chapter Architecture.

URL Parameter

The URL parameter can be used to define different properties of the ULC UX on the Client. The parameters are added after the ULC UX web adress as "?<parameter>=<value>".


Parameter	Description
size	Defines the size of the ULC UX inside of the web browser. Example: http://MyWebServer?size=1024x675 The passed value must have the format <length>x<height>.
panel	Defines the starting panel of the ULC UX. Example: http://MyWebServer?panel=vision/login.pnl The passed value must contain the relative path to the panel starting from the panels directory of your project/version.
png	Defines the used png compression. This parameter overrides the settings made inside of the config file for current session only! The value ranges from 0 to 100 where 0 is no comrpression and 100 is the maximum compression.
lang	Using the "lang" URL parameter a preferred language can be forwarded to the server. If the language is available it is used for displaying the UI. Example: http://127.0.0.1/data/ulc/start.html?lang=en-US If the URL parameter is stated any "-lang" parameter set inside of the [httpServer] uiArguments config entry is overruled.
touch	Setting the "touch" parameter with the value "1" allows virtual keyboard in the ULC UX. The virtual keyboard appears on the screen when an input element receives the focus. Example: http://127.0.0.1:100/data/ulc/ulc.html?touch=1
tz	Overwrites the time zone used by the client, e.g.: http://MyWebServer?tz=Europe/Vienna A complete list of available time zones can be found on the webpage of the time zone database. Caution: The config-entry [httpServer] ulcUseClientTimeZone has to be set to "true" to use this parameter.

CAUTION:

The URL Parameter "timezone" will no longer be interpreted by the ULC UX. Instead the display of different time values when the ULC UX client and the server are in different time zones is controlled with the config entry[httpServer] ulcUseClientTimeZone. Accurate use of this functionality is only possible for servers with Linux operating systems.

The new URL Parameter "tz" will overwrite the time zone used by the client with the information passed in the parameter.

Load Balancing

Every WinCC OA web server can be used as a load balancer. The configuration is done by using the config entry [httpServer] loadBalance in the config files of every web server, which should use the load balancing feature (see also Redundancy, basics).

The entry can be set multiple times, where each entry defines an additional web server that can be used to start a new ULC UX UI manager for the current ULC UX project.

Example - loadBalance

[httpServer]
loadBalance = "WebServer1"
loadBalance = "WebServer2"

To define the maximum number of ULC UX UI manager located on the web server, the config entry can be extended with the postfix “max=x” where x defines the maximum number of Uis. By default (= no max parameter is stated) the limit is set to 5 Uis. If the max parameter is set to 0 no connections will be accepted by the web server.

When a new client wants to connect to the WinCC OA system, the load balancing algorithm automatically distributes the client connections equally across the available WinCC OA web servers, based on the number of already running web clients.

Example – loadBalance max=x

[httpServer]
loadBalance = "WebServer1 max=10" // A maximum of 10 ULC UX client connections can be opened on WebServer1
loadBalance = "WebServer2 max=15" // A maximum of 15 ULC UX client connections can be opened on WebServer1

Facts and Benefits of Load Balancing

Several dedicated machines can act as web server for the ULC UX
Easy configuration due to the use of built-in WinCC OA web server
The web server can be installed in a DMZ for security reasons
Dedicated web server can use redundant connections to the redundant WinCC OA servers
WinCC OA servers (redundant server) can also act as web server for a limited number of ULC UX clients.
For small systems no dedicated web server machine is necessary.
Automatic distribution of client connects across the web servers
The number of maximum clients per web server can be defined
Project data (panels, script libraries) are located on the (redundant) WinCC OA server and automatically synchronized with the web server.
The distribution algorithm is based on the number of running web clients per web server and not on CPU or other hardware parameters.

Single Sign On

Single Sign On (SSO) authentication is used for the purpose that a user does not need to log in to every application after he is successfully logged on to the domain. SSO authentication increases the IT security since the user management is centralized and administrated by the IT administrators. Moreover, it increases the comfort for the user.

To use SSO for your WinCC OA project the corresponding IT infrastructure must be available in your network.

For a detailed description of SSO for WinCC OA please refer to User administration, basics

CAUTION:

The authorization bits (bit 32) are not considered for SSO with ULC UX.

CAUTION:

For Single Sign On with ULC UX, the server project must run as Windows Service. How to configure the server project as Windows service, see chapter Configuration of the service.

How Single Sign-On Works

The following steps demonstrate how SSO is working for the ULC UX

A user accesses the web server via the web browser and automatically provides the user credentials via secure HTTPs – “negotiation” authorization.
The WinCC OA Web Server checks whether the user credentials are stored and authorized in the Key Distribution Service (Active Directory in case of Windows and Kerberos in case of Linux). If user is authorized the process continues from step 5 in this list.
If there are no credentials stored for this user or error at authorization occurs (e.g. wrong password) the user’s browser prompts a logon form and has to logon manually.
The User supplies credentials.
The WinCC OA Web Server starts the WinCC OA user interface with the provided credentials. The User Interface itself automatically tries to logon the user with the provided credentials to the WinCC OA project running on the WinCC OA server. If the login fails or the user does not exist the login panel is shown.

If the User’s credentials are not stored within the WinCC OA project, a WinCC OA Administrator has to add the user to the project either via

Login one time via native Client on the WinCC OA server in case of activated Windows authorization

or

Create the user manually via WinCC OA user management.

Note:

To use SSO with Firefox, the URI has to be added as "trusted for negotiate":

Open the config page with "about:config" and filter for negotiate.
Select the "network.negotiate-auth.trusted-uris" entry and add the ULC UX URI.

Benefits of SSO

Central management of WinCC OA users and permissions.
Uses Active Directory under Windows
Uses Kerberos authentication under Linux
When activated, automatic log on to the WinCC OA web server and also to the project is provided
Different start panels for different users possible (see WinCC OA Panel Topology).
Increases IT security due to central management of permissions.

Additional Configuration

Style

By default the ULC UX uses the style "fusion" for displaying the UIs. This setting can be changed by using the UI Parameter "-style windows" which will change to the Windows style. The parameter can be set as parameter for the [httpServer] uiArguments config entry.

Panel Size

If the displayed content within the ULC UX exceeds the available size within the web browser the browsers displays scrollbars that can be used to navigate to the currently not visible parts of the content.

If scrollbars are required within a panel due to the size of the panel than these scrollbars are also displayed within the ULC UX.

Copy to local Clipboard

Due to the server/client architecture of the ULC UX a direct copy to the clipboard from the UI to the client machine is not possible. In this case the server will prompt a copy dialog in the right bottom corner of the ULC UX interface.

Figure 3. Copy to local Clipboard Dialog and Success