Locked out - urgent

So I was messing around with Identity Providers…
And somehow, I’m now locked out of the gateway.

Is there a way to set the IDP back to default, through CLI or some xml config file on the gateway itself?

Please help… this is urgent

https://docs.inductiveautomation.com/display/DOC80/Gateway+Command-line+Utility#GatewayCommand-lineUtility-ResetthePassword

That did, however, solve the problem… I was under the impression that it only reset the password… but apparently it made a temp IDP also… thanks for the help

1 Like

I’m in the same boat, they say temp but I can’t remove them. What did you end up doing?

After you reset the credentials, and re-commission, your gateway web interface’s security is set to the temporary identity provider & user source. You have to fix your original user source to allow you to log in, and change the gateway to use it again. When the temporary source isn’t used anywhere, then you should be able to remove it. (Including logging back into the gateway with the corrected original user source.)

1 Like

We decided a good strategy was to have the IdP do a soft failover to Ignition’s default provider and have the Administrator in there so that if anything happens to the IdP we can still get in to fix it. It works.

6 Likes

My clients all do this too, so they can put contractors in the default provider instead of giving them domain accounts.

6 Likes

Thanks, I missed changing it in the general section of identity providers. I’m good now!

1 Like

Is there a tutorial on how to set the failover for IdP?

The Failover User Source is a setting on the User Source that the IdP is using, so it can be a little confusing to find.

First navigate to your IdP settings (Config > Security > Identity Providers) and note the User Source it is using. Then navigate to the User Source (Config > Security > User Sources) and edit it. Here you will find the two settings needed for failover: “Failover Source” and “Failover Mode”.

As others have noted it is common practice to set the Failover Source to the default Internal User Source with a soft Failover Mode.

2 Likes
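The difference between the two Failover Mode values, as an added example that is not part of the original posts and is not Ignition code. It assumes the semantics given in Ignition's user source documentation (hard: the failover source is used only when the primary is unavailable; soft: it is also tried whenever the primary rejects a login); the class names, function names and accounts are hypothetical and constructed.

```python
import hmac

class SourceUnavailable(Exception):
    """The user source could not be reached at all (e.g. AD is down)."""

class UserSource:
    """Hypothetical stand-in for a user source; users are constructed samples."""
    def __init__(self, name, users, reachable=True):
        self.name, self.users, self.reachable = name, users, reachable

    def check(self, user, password):
        if not self.reachable:
            raise SourceUnavailable(self.name)
        stored = self.users.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

def authenticate(primary, failover, mode, user, password):
    """Return the name of the source that accepted the login, or None."""
    try:
        if primary.check(user, password):
            return primary.name
        primary_reachable = True       # reachable, but rejected this login
    except SourceUnavailable:
        primary_reachable = False
    # hard: fail over only when the primary is unreachable.
    # soft: also fail over when the primary is reachable but rejects the login.
    if failover and (mode == "soft" or not primary_reachable):
        try:
            if failover.check(user, password):
                return failover.name
        except SourceUnavailable:
            pass
    return None

# Constructed sample data: a domain source and the internal default source.
ad = UserSource("ad", {"jsmith": "domain-pass"})
internal = UserSource("default", {"admin": "break-glass", "contractor1": "c-pass"})

def lockout_scenarios():
    """AD is reachable but does not know 'admin' (a misconfiguration lockout)."""
    ad_down = UserSource("ad", {"jsmith": "domain-pass"}, reachable=False)
    return {
        "hard, AD up":   authenticate(ad, internal, "hard", "admin", "break-glass"),
        "soft, AD up":   authenticate(ad, internal, "soft", "admin", "break-glass"),
        "hard, AD down": authenticate(ad_down, internal, "hard", "admin", "break-glass"),
    }

if __name__ == "__main__":
    for case, accepted_by in lockout_scenarios().items():
        print(f"{case}: {accepted_by}")
```

With soft failover the internal accounts are a login path at all times, not only during an outage, so they need the same credential strength and audit coverage as the domain accounts.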

Try this:

Then create a user source:


and further down the page …

  1. Your company’s domain name.
  2. Get this from your IT department.
  3. Same.
  4. You’ll need a service account set up so that Ignition can log in to Active Directory to check credentials.
  5. Set the password.
  6. SSO option.
  7. In my case it was essential that this was in capital letters.
4 Likes

v8.1.41
@kvane I'm setting up an OpenID Connect IdP. I don't see any configuration for setting the User Source (in my case Ignition default).
Suggestions?
Thank you.

No such thing. IdPs cannot do failover. Ignition user sources can do failover, and Ignition's native IdP can point at any such user source.

IdPs cannot be configured to do failover. Any such would have to be supported by the IdP itself.

Recent similar topic:

1 Like

@pturmel I didn't think so. Thanks Phil !