How to check if SSA is active?

Post by **fandersen** » Thu Aug 18, 2022 12:04 pm

Hi together,

I want to check that the customers configuration of WinCC OA 3.17 is not allowing client-side authentication.

In "SSA-111512: Client-side Authentication in SIMATIC WinCC OA" it states that WinCC OA 3.17 is allowing client-side authentication in a non-standard configuration. https://cert-portal.siemens.com/product ... 11512.html

However, the WinCC OA 3.17 manual states that client-side authentication is allowed by default:

[general]
serverSideAuthentication = 0 (default)

How can I determine that SSA is active?

Can I e.g. somehow check the current state of the "serverSideAuthentication" config at runtime?

BR/Florian

Post by **kilianvp** » Fri Aug 19, 2022 11:09 am

You can use

Code: Select all

 (0 == paCfgReadValueDflt(getPath(CONFIG_REL_PATH) + "config", "webClient", "clientSideAuth", 1));

its from scripts/libs/classes/auth/OaAuthMethod.ctl isServerSideAuthEnabled()

Post by **fandersen** » Wed Aug 24, 2022 12:18 pm

Hi killian,

thanks for your answer but I meant the regular UI.

Sure, I could just check the config file if a certain option is present.

To the normal user, the authentication mechanism is transparent.

But how could I check at runtime that the SSA is actually active?

Is there any evidence that the option is active or deactivated? Maybe a log entry, global variable etc.?

BR
Florian

Post by **gschijndel** » Wed Aug 24, 2022 4:39 pm

The following DPEs are written:
_Ui_<X>.SessionToken
_System.Auth.SessionTokenInterface

I guess it could be used to determine if SSA is active.

Post by **fandersen** » Tue Aug 30, 2022 6:13 pm

Hi gschnijndel,

yeah, as a quick check this might be useful.

HowTos

How to check if SSA is active?

How to check if SSA is active?

Re: How to check if SSA is active?

Re: How to check if SSA is active?

Re: How to check if SSA is active?

Re: How to check if SSA is active?