Hello,
I edit the post to be more precised about what I want to do and what's happening.
I need to get and set data from _Users DPT internal via Desktop UI to allow a few users administrate users and user groups out of gedi.
Since we update to 3.17 version with SSA for all managers session binding. When we try to get or set data from _Users DPT via Desktop UI, we lose the connection with Event manager.
I see in winccoa help documentation that the data points of the data point type _Users can only be set via the command channel.
I use UserManagement functions to get and set the _Users DPT internal but it still losing the connection with Event manager.
The main questions I have is, why Event managers closes the connection and how command channel checks the Dektop UI user?
If the problem is about hosts certs, how can I enable more users apart root to start a connection with Event manager?
I didn't found further information in winccoa help documentation.
We have all certs needed for each user but, with the current entries on config file only root user is enable to do it.
Current entries of config file:
[general]
ssaPrivateKey = "file:SSA_rootUser.key"
ssaCertificate = "file:SSA_rootUser.crt"
And if I append new entries for other users like below didn't works, it's like only root user is allowed to connects to Event.
[general]
ssaPrivateKey = "file:SSA_rootUser.key"
ssaCertificate = "file:SSA_rootUser.crt"
ssaPrivateKey = "file:SSA_user1.key"
ssaCertificate = "file:SSA_user1.crt"
Thanks.
get and set _Users data via Desktop UI
- pablo.chamorro
- Posts:54
- Joined: Mon Jan 27, 2020 1:42 pm
get and set _Users data via Desktop UI
Last edited by pablo.chamorro on Fri Sep 25, 2020 5:41 pm, edited 1 time in total.
- dbindernagel
- Posts:161
- Joined: Mon Feb 23, 2015 1:34 pm
Re: Enable multiple users on SSA for all Managers with session binding
Not done this yet myself but looking at the help it seems you can only do it by using different IDs for the UI managers.
(Entry from help: Special functions > Security > Authentication > Server-side Authentication > Server-side Authentication for Managers)
Quite interested myself now. It seems like having a remote client where different users can connect seems more complicated to do.
(Entry from help: Special functions > Security > Authentication > Server-side Authentication > Server-side Authentication for Managers)
Quite interested myself now. It seems like having a remote client where different users can connect seems more complicated to do.
Code: Select all
[ui_10]
ssaPrivateKey = "file:SSA_cert/para.key.pem"
ssaCertificate = "file:SSA_cert/para.cert.pem"
[ui_11]
ssaPrivateKey = "file:SSA_cert/user1.key.pem"
ssaCertificate = "file:SSA_cert/user1.cert.pem"
- pablo.chamorro
- Posts:54
- Joined: Mon Jan 27, 2020 1:42 pm
Re: Enable multiple users on SSA for all Managers with session binding
Hi dbindernagel,
Thank you for your answer. It can be an alternative. I will research if I can assign static UI IDs to a workstation to be sure that uses the correct certificates.
I'm trying to debug SSA connection with the -dbg SSA on Event manager but it only debugs local connection. Anyone knows how to debug remote SSA connections ?
The Desktop UI - Event manager connection is failing and I can't see if I'm doing it right.
Thanks.
Thank you for your answer. It can be an alternative. I will research if I can assign static UI IDs to a workstation to be sure that uses the correct certificates.
I'm trying to debug SSA connection with the -dbg SSA on Event manager but it only debugs local connection. Anyone knows how to debug remote SSA connections ?
The Desktop UI - Event manager connection is failing and I can't see if I'm doing it right.
Thanks.
- gschijndel
- Posts:376
- Joined: Tue Jan 15, 2019 3:12 pm
Re: Enable multiple users on SSA for all Managers with session binding
The certificate option should only be used for non-UI managers.
For UIs look in the documentation under: Security -> Authentication -> Server-side Authentication -> Server-side Authentication for UI Managers
For UIs look in the documentation under: Security -> Authentication -> Server-side Authentication -> Server-side Authentication for UI Managers
- pablo.chamorro
- Posts:54
- Joined: Mon Jan 27, 2020 1:42 pm
Re: Enable multiple users on SSA for all Managers with session binding
Hi gschijndel,
I'm agree with u but when I asked to winccoa support my lost connection problem when I tried to modify the _Users DPT via Desktop UI, they asnwered me that the problem was on my certs configuration, because the event manager closed the connection.
I asked too for if I have to specify both options accessControlPlugin entries "AccessControlPlugin" and "AccessControlPluginUser" to use SSA for UI and for all managers and they told me that specifing for all managers "AccessControlPlugin" is enought.
So I think is needed to use certs to be able to connect with event manager via Desktop UI.
Maybe I'm wrong, I'm a little bit confused right now and it is being hard to solve.
I'm agree with u but when I asked to winccoa support my lost connection problem when I tried to modify the _Users DPT via Desktop UI, they asnwered me that the problem was on my certs configuration, because the event manager closed the connection.
I asked too for if I have to specify both options accessControlPlugin entries "AccessControlPlugin" and "AccessControlPluginUser" to use SSA for UI and for all managers and they told me that specifing for all managers "AccessControlPlugin" is enought.
So I think is needed to use certs to be able to connect with event manager via Desktop UI.
Maybe I'm wrong, I'm a little bit confused right now and it is being hard to solve.