I have never needed to do this but how do I pull the windows log in userid into my perspective session so the user does not need to login to use some of the functionality. I cannot pull system tags the normal way since the project promotes across several plants and it won't let me just by routing to the system tag that has the info.
You don't, the bulk of a Perspective session isn't even running on the client machine, it's running on the gateway. You simply don't have access to this information. Just like any webpage you might visit in your browser doesn't have access to it.
So there is no way to identify who is logged into a PC?
Not from Perspective.
Vision then?
Yes, I think in Vision you can scrape this info out of environment variables or something... let me see if I can find a thread about it.
If I can just pull it to a new tag, which isn't working with system tags either, I can utilize it in Perspective.
system.util.getProperty("user.name")
might be all you need.
You can't do this in Perspective because it will run in the gateway and tell you the gateway user, not the user running the Perspective session.
Either way if I have sessions running on 12 different machines I will only see one user if I did get it correct?
Yep, whatever user the Ignition Gateway is running as. As long as we're talking about the Windows / OS username. Obviously the Ignition user you're logged in as is available to each session.
Is there a way to imbed a vision module inside a perspective one.
No. You can put a Perspective Session into a Vision Client via the Web Browser component, but Perspective Sessions (browser) can not start-up or maintain Java processes (Vision Clients).
Chopped off at the knee again.
A browser generally will not start up a local executable for you, unless you go to some trouble to install that executable locally. (Like MS Teams links launch the Teams app, but only after you install the Teams app.) If you can install anything locally, and you really need this functionality, install the Vision client launcher and use Vision.
We've solved your original problem by setting up Azure Active Directory as an Identity Provider. If configured correctly, the browser will automatically log a windows user into the project via the IdP. It doesn't do any of the intermediate things you were asking about, but it makes authentication fairly painless from a user's perspective.
Right now we use the company AD and I don't think that is going to change. Not sure how to set up Azure to access this.
I believe you can still backend a SAML identity provider in an on-premises Active Directory. This article seems to indicate it may be possible. This would enable the same "automatic sign-in" features that Azure would. If you can't do this (and your IT department is less than helpful) then I'm out of suggestions.
I don't think there's an elegant way to do what you're trying to do because people who already responded would be more likely to know that than I would.
You might be able to build something in a script on the gateway scope based on the IP that clients are running from if you know that. You can use system.perspective.getSessionInfo to get session info for all sessions and you might be able to parse and filter that in a way that is useful for you.
https://docs.inductiveautomation.com/display/DOC81/system.perspective.getSessionInfo
Sample output...
[
{
"userAgent": "\u003cdesigner\u003e",
"id": "CF468EEA",
"username": "admin",
"authorized": true,
"project": "Reuseable_Templates",
"uptime": 446937,
"clientAddress": "127.0.0.1",
"lastComm": 2,
"sessionScope": "designer",
"activePages": 2,
"recentBytesSent": 21,
"totalBytesSent": "39143",
"pageIds": [
"Test",
"session-props"
]
},
{
"userAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36",
"id": "bbb56cc4-44e9-4f72-a7a6-ba831f0c9b53",
"username": "Unauthenticated",
"authorized": true,
"project": "Reuseable_Templates",
"uptime": 164434,
"clientAddress": "[0:0:0:0:0:0:0:1]",
"lastComm": 2862,
"sessionScope": "browser",
"activePages": 1,
"recentBytesSent": 149,
"totalBytesSent": "114630",
"pageIds": [
"2df40a56"
]
}
]
I've never used that method before. I just called it on a button, wrote the output to a custom property on the button and copy/pasted it into here. It looks like it may be possible that it is useful in your environment.
You might be able to execute a gateway script and have that send a message with system.perspective.sendMessage or you could write something to a tag or something like that.
For windows (proabbly all systems but no idea how) you could install a uri
Which could run a batfile which could send the user to the gateway... but it requires to be installed on every client and is not realy great or supported.
I made something to open the fileexplorer (to a shared folder), so you can get some inspiration here:
And exactly how would you make this happen in way the gateway could trust? And be reliably correlated to the browser session that launched it? (Trust is the point, presumably.)