Auto login with AD

We have an application where the users can create a profile to personalize their experience and it works fine. We are using the AD/Internal Hybrid user source.

We would like to set up automatic login for the users, since they normally log in to their Windows session with their AD account, and we want to spare them from typing their credentials again while still keeping their own profile instead of a shared one.

How can we do it?

2 Likes

You will need to enable SSO (single-sign-on) on both the Ignition user source and inside each project that you want to allow SSO. See this page:
https://docs.inductiveautomation.com/display/DOC79/Active+Directory+Authentication

Once that’s done, you should be automatically logged in to Ignition whenever you open your project.

2 Likes

I tried your suggestion, but Ignition insists on showing the login window. If I press the login button without a username and password, it returns an error. What might be happening?

Try enabling the Java console ( https://www.java.com/en/download/help/javaconsole.xml ) to see if there’s any error being logged about invalid authentication/unable to reach the directory, etc.

You can see below the error I get.

Okay - so Ignition is attempting the login, but it’s failing for some reason.
If you enter just a username/password into the client, is that able to log in correctly? If so, then it might be an issue with the ‘SSO Domain’ property of the user source.

If you go to Status → Diagnostics → Logs, then set the UserSource.AD_Internal_Hybrid logger to TRACE you can see the incoming login attempt and how it’s passing the username in. You may need to modify the prefix/suffix properties in the advanced AD properties:

1 Like

According to the log, what I see is that Ignition looks for the users every 90 seconds

then when I open the project the following is logged and there isn’t any automatic login

and shows the login window, so I set my credentials and the following is logged

What do you think?

Any idea about this? I have the same problem.

I too am having a similar issue with SSO not working. Was this problem ever resolved?

1 Like

Exactly the same here. Nothing I do seems to enable SSO on anything, projects, designer, nothing.
SSO **IS** enabled in Gateway, for designer.
SSO **IS** enabled in the AD/Internal Hybrid User source.
SSO **IS** enabled in projects.
The system User Source is set to the AD/Internal Hybrid source.

Diagnostic logs don’t even show an attempt to log in for designer, gateway, or any projects at all.
I’ve even restarted the gateway, and rebooted its host machine. No dice.
All logins must either be manual, or for projects configured to use a specific user in the project.

Very frustrating.

Try the Authentication.SSOHelper logger on the gateway on TRACE.
https://support.inductiveautomation.com/index.php?/Knowledgebase/Article/View/119/0/obtaining-ignition-logs#change-logger-level

2 Likes

Okay, the issue upon tracing it down more seems to be:
"SSO domains did not match! Compared ‘MYCOMPANY.lan’ and ‘MYCOMPANY’."

The AD/Internal Hybrid MUST be configured with the Domain as “MYCOMPANY.lan”, not just “MYCOMPANY”, or, while it will authenticate users, I cannot actually browse the directory to assign user roles.
I have tried leaving SSO Domain blank, using just “MYCOMPANY”, and using “MYCOMPANY.lan”, all with the same error message.

1 Like

FYI for others… that comparison of SSO domain is also case sensitive. “MYCOMPANY” won’t match “mycompany”.

1 Like
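
A log triage helper for the mismatch discussed in the last posts, added here as an example and not part of the thread or of Ignition's own code. It pulls every "SSO domains did not match!" message out of exported gateway log lines and reports how the two compared strings differ. The message wording is taken from the post above; the logger prefixes in the sample lines, the function names and the classification labels are assumptions made for illustration.

```python
import re

# Message wording is from the thread; quote style (straight or curly) may vary.
_OPEN, _CLOSE, _BODY = "[‘'\"]", "[’'\"]", "[^’'\"]*"
MISMATCH_RE = re.compile(
    "SSO domains did not match! Compared "
    + _OPEN + "(?P<a>" + _BODY + ")" + _CLOSE
    + " and "
    + _OPEN + "(?P<b>" + _BODY + ")" + _CLOSE
)


def classify(a, b):
    """Describe how two domain strings differ under an exact, case-sensitive compare."""
    if a == b:
        return "identical"
    if not a or not b:
        return "one-side-empty"
    if a.strip() == b.strip():
        return "whitespace-only"
    la, lb = a.lower(), b.lower()
    if la == lb:
        return "case-only"
    short, full = sorted((la, lb), key=len)
    if full.startswith(short + "."):
        return "short-name-vs-dns-name"
    return "different-domains"


def triage(lines):
    """Return (a, b, classification) for every mismatch message found."""
    found = []
    for line in lines:
        m = MISMATCH_RE.search(line)
        if m:
            found.append((m["a"], m["b"], classify(m["a"], m["b"])))
    return found


# Constructed sample lines; only the message text itself comes from the thread.
SAMPLE = [
    "TRACE Authentication.SSOHelper - SSO domains did not match! Compared ‘MYCOMPANY.lan’ and ‘MYCOMPANY’.",
    "TRACE Authentication.SSOHelper - SSO domains did not match! Compared 'MYCOMPANY' and 'mycompany'.",
    "INFO  UserSource.AD_Internal_Hybrid - constructed unrelated line",
    "TRACE Authentication.SSOHelper - SSO domains did not match! Compared '' and 'MYCOMPANY'.",
]

if __name__ == "__main__":
    for a, b, kind in triage(SAMPLE):
        print(f"{a!r} vs {b!r}: {kind}")
```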