Is it really possible to use Single Sign On (SSO) for ULC UX Client?

13 posts • Page 2 of 2
aserov
Posts:15
Joined: Fri Mar 20, 2015 9:31 am

Re: Is it really possible to use Single Sign On (SSO) for ULC UX Client?

Post by aserov »

Hello Colleagues,
Unfortunately, there still is a problem:
ULC UX (in SSO mode) uses the credentials from HTTP-server, not from User's browser. So ALL users log into the system under the same account - under which the HTTP-server runs.
Could you, please, advise - Is there any way to use a real User account?

yavaskoray
Posts:29
Joined: Mon Dec 02, 2013 11:15 am

Re: Is it really possible to use Single Sign On (SSO) for ULC UX Client?

Post by yavaskoray »

Hello Andrey,

Do you still have this problem? If you find the solution, then please explain how. I am also thinking of using ULC UX.

jmad
Posts:14
Joined: Fri Sep 29, 2017 8:37 am

Re: Is it really possible to use Single Sign On (SSO) for ULC UX Client?

Post by jmad »

Hi,

Yes, it is possible to run single sign-on for ULC UX in Active Directory enabled environments (we use Kerberos here internally, would work in Linux as well). Please find in the ULC section of the online help some step-by-step instructions for enabling SSO for ULC UX. Please also let me know your experience.

Single Sign On

Single Sign On (SSO) authentication is used for the purpose that a user does not need to log in to every application after he is successfully logged on to the domain. SSO authentication increases the IT security since the user management is centralized and administrated by the IT administrators. Moreover, it increases the comfort for the user.

To use SSO for your WinCC OA project the corresponding IT infrastructure must be available in your network.

For a detailed description of SSO for WinCC OA please refer to User administration, basics.

CAUTION

The authorization bits (bit 32) are not considered for SSO with ULC UX.

CAUTION

For Single Sign On with ULC UX, the server project must run as Windows Service. How to configure the server project as Windows service, see chapter Configuration of the service.

How Single Sign-On Works

The following steps demonstrate how SSO is working for the ULC UX:

1. A user accesses the web server via the web browser and automatically provides the user credentials via secure HTTPS – “negotiation” authorization.
2. The WinCC OA Web Server checks whether the user credentials are stored and authorized in the Key Distribution Service (Active Directory in case of Windows and Kerberos in case of Linux). If user is authorized the process continues from step 5 in this list.
3. If there are no credentials stored for this user or error at authorization occurs (e.g. wrong password) the user’s browser prompts a logon form and has to logon manually.
4. The User supplies credentials.
5. The WinCC OA Web Server starts the WinCC OA user interface with the provided credentials. The User Interface itself automatically tries to logon the user with the provided credentials to the WinCC OA project running on the WinCC OA server. If the login fails or the user does not exist the login panel is shown.
6. If the User’s credentials are not stored within the WinCC OA project, a WinCC OA Administrator has to add the user to the project either via
   - Login one time via native Client on the WinCC OA server in case of activated Windows authorization
   or
   - Create the user manually via WinCC OA user management.

BR Jörgen Mad
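
To check step 1 of the flow quoted above, i.e. whether each browser really presents the user's own Kerberos ticket rather than nothing, Basic or NTLM, here is an added example that is not from the WinCC OA documentation or from any poster. It assumes the web server uses the standard HTTP Negotiate scheme (RFC 4559) and that you have the `Authorization` header values from a proxy log or capture; the function names, client addresses and sample headers are constructed for illustration.

```python
import base64

NTLM_SIGNATURE = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs
OID_SPNEGO = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2
OID_KERBEROS = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2

def classify_authorization(header):
    """Heuristically classify one HTTP Authorization header value."""
    if not header:
        return "none"                     # anonymous request, no credentials sent
    scheme, _, blob = header.strip().partition(" ")
    scheme = scheme.lower()
    if scheme in ("basic", "ntlm"):
        return scheme
    if scheme != "negotiate":
        return "other"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        return "malformed"
    if NTLM_SIGNATURE in token:
        return "negotiate-ntlm"           # NTLM, raw or wrapped in SPNEGO
    if token[:1] == b"\x60" and OID_KERBEROS in token:
        return "negotiate-kerberos"       # GSS-API token naming Kerberos V5
    return "negotiate-unknown"

def clients_without_kerberos(requests):
    """requests: iterable of (client, header) pairs.
    Return {client: kinds seen} for clients that never sent a Kerberos token."""
    seen = {}
    for client, header in requests:
        seen.setdefault(client, set()).add(classify_authorization(header))
    return {c: sorted(k) for c, k in seen.items() if "negotiate-kerberos" not in k}

def _neg(raw):
    return "Negotiate " + base64.b64encode(raw).decode()

# Constructed samples: only the leading byte and OIDs are realistic; lengths
# and payload are filler, so these are not valid tickets.
SAMPLES = {
    "kerberos": _neg(b"\x60\x28" + OID_SPNEGO + b"\xa0\x1e\x30\x1c\xa0\x0d\x30\x0b"
                     + OID_KERBEROS + b"\x00" * 8),
    "ntlm": _neg(NTLM_SIGNATURE + b"\x01\x00\x00\x00"),
}

if __name__ == "__main__":
    # Constructed request log: (client address, Authorization header or None)
    log = [("10.0.0.5", None), ("10.0.0.5", SAMPLES["kerberos"]),
           ("10.0.0.9", None), ("10.0.0.9", SAMPLES["ntlm"])]
    print(clients_without_kerberos(log))
```

A client listed in the result never delivered a Kerberos token, so for that client the flow falls through to the manual logon of step 3 instead of completing SSO.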
