Active Directory block login

Posted: Fri Jul 24, 2020 9:43 am
by ozangor
Hi there,

In our project, we enabled Active Directory authentication.

I have two challenges right now:

1 - I need to block the login entirely if the user trying to log in is not a member of any of the 5 predefined groups. Is it possible to do this via configuration?
2 - Is there also a way to disable automatic group creation when a new user logs in? I only want to keep my 5 groups that should be using the application.

Thanks in advance.

Re: Active Directory block login

Posted: Wed Jul 29, 2020 2:31 pm
by gschijndel
Take a look at the topic: Windows AD Authentication - User Names with Spaces

You could derive your own authentication class from 'OaAuthMethodAD' and overwrite the result of 'OaAuthMethodAD::isUserVerified' with additional checks to block logins (since 3.17).
Blocking the logins might also prevent the automatic group creation; otherwise, overwrite the result of 'OaAuthMethodAD::getExternalIdForGroup' with an empty string to prevent the group creation.