I think the punchline is that if you can't get connected with security by pointing OSI PI at the discovery endpoint URL then you need to get OSI PI involved, and potentially get them to fix their client.
Ignition has an admittedly unusual endpoint setup re: security. This will be changing in 8.3 due to the trouble it seems to cause for some 3rd party clients.