Multiple User Sources - Failover roles not fully coming through

Hi guys,

I am trying to set up a login architecture that uses 3 user sources.

  1. AD Hybrid (project user source) which soft fails over to
  2. Database which soft fails over to
  3. Internal (guest user)

I have this working fine in that users from both sources can log into my project except the security isn’t working correctly…

For a user that falls into the database user source, I have assigned a particular role that I have duplicated in the AD Hybrid user source. I can see this user along with this role I have assigned to them on the gateway under manage users.

If I set security on a window in the project such that the user has to have this role to open, I get an “ACCESS VIOLATION”.

FYI, when I try to verify the user on the gateway it is successful except that role isn’t displayed.

Any ideas or could this be a bug?

The best way to troubleshoot this is to turn off the failovers for now and try verifying a user source individually (click the verify link in the Gateway config under User Sources). Make sure the authentication works and the roles show up. Once you have verified that, we can put the failovers back to see what is going on.

I understand what is going on… it is something to do with how we are trying to implement our system which I would prefer not to get into for security reasons.

We have found a solution - we need to use the system.security.validateUser function; however, it doesn’t seem to be functioning as expected.

Basically, if I enter a username and password that is only in the AD Hybrid user source, then call the system.security.validateUser function stipulating the database user source it returns true…

Any ideas?

Do you have failover turned on? The validation will follow the failover.

Ahhh, somebody else set the internal user source to fail back over to the AD Hybrid! Thanks Travis!
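
An added example, not part of the original thread and not Ignition's implementation: a small Python model of soft failover showing why a validation aimed at the Database source accepts AD-only credentials once Internal fails back over to AD Hybrid, plus a check that flags such loops. The source names follow the thread; the users, passwords and function names are constructed for illustration, and the validator returns the accepting source's name instead of a plain true/false.

```python
import hmac

# Constructed model of the three user sources in the thread.
SOURCES = {
    "AD Hybrid": {"users": {"alice": "ad-pass"}, "failover": "Database"},
    "Database": {"users": {"bob": "db-pass"}, "failover": "Internal"},
    # The stray setting found in the thread: Internal fails back to AD Hybrid.
    "Internal": {"users": {"guest": "guest"}, "failover": "AD Hybrid"},
}

def validate_user(sources, start, username, password):
    """Return the name of the source that accepted the login, or None.

    Soft failover: when a source rejects the credentials, its failover
    source is tried next. The visited set stops a cyclic chain looping.
    """
    seen, name = set(), start
    while name is not None and name not in seen:
        seen.add(name)
        stored = sources[name]["users"].get(username)
        if stored is not None and hmac.compare_digest(stored, password):
            return name
        name = sources[name].get("failover")
    return None

def reachable(sources, start):
    """Sources whose credentials can satisfy a validation against start."""
    order, name = [], start
    while name is not None and name not in order:
        order.append(name)
        name = sources[name].get("failover")
    return order

def failover_cycles(sources):
    """Sources whose failover chain eventually leads back to themselves."""
    return sorted(
        s for s in sources
        if s in reachable(sources, sources[s].get("failover"))
    )

if __name__ == "__main__":
    # AD-only credentials checked "against Database" are still accepted.
    print(validate_user(SOURCES, "Database", "alice", "ad-pass"))
    print(failover_cycles(SOURCES))
```

With the Internal failover removed, the same validation against Database returns None and `failover_cycles` returns an empty list.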

Hi again,

I am having another issue...

When I log in under either the AD Hybrid or the Internal (guest) user source, I can use the following code to print the name of the user:

userName = system.security.getUsername()
user = system.user.getUser("", userName)
print user
print user.get(user.FirstName)

Which returns something like this:

User[username=Guest, firstname=Guest, lastname=null, roles=]
Guest

However for users in the Database user source, I get an error:

Traceback (most recent call last):
File "event:actionPerformed", line 4, in
AttributeError: 'NoneType' object has no attribute 'get'

Ignition v7.9.9 (b2018081621)
Java: Oracle Corporation 1.8.0_171

Because of how I.T. have set up their systems I have to use the firstname as the password as well. Could this be what is causing all of this?