Public Security Level in Vision When using SAML IDP

@jspecht I have been looking over this and I don’t see a way but I would like to get verification.

For a Vision project that uses an identity provider, we’d like to have the default login be the equivalent of Perspective “public” and then, on certain restricted components or views, require login which would go to SAML IDP. These are HMI views that would be on the floor and always open.

In Perspective there is a clear way to achieve this and in general we would push to have everything in Perspective from here on.

However, for the case I am referring to, it seems we will have little choice but to use Vision so we are evaluating options. I don’t really see a way to achieve this in Vision.

Thanks,

Nick

Unfortunately I do not believe there is a way to achieve what you want since Vision clients have always required a user to be logged into their sessions up-front by design, so the ability to have an anonymous session is not possible.

You’re probably better off using the classic auth strategy in this case. With the classic auth strategy, you could use the auto-login feature to emulate an anonymous session using hard-coded credentials. You could then perform progressive authentication to allow access to more features in the project by using scripting (such as switchUser).

I was thinking that we could explore adding a new set of scripting functions like Perspective’s system.perspective.login and system.perspective.logout to allow for an experience similar to the progressive login experience that system.security.switchUser offers. But even if those were implemented… you would still need a way to perform auto-login up-front (which is likely not possible and potentially insecure if you are able to figure out a way to do this) or Vision would need to be able to support anonymous sessions (which is potentially a pretty large refactor of Vision’s access control system since it is built upon roles and security zones and not on security levels).
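
One way to script the progressive authentication described in the reply above, as an added example that is not code from the thread or from the product's documentation. It assumes the classic auth strategy with auto-login to a low-privilege floor account; the role name, `require_role` and the `ask_credentials` callback are hypothetical.

```python
# Added example: Vision client script (Jython-compatible syntax).
# Assumption: the session was auto-logged in as a low-privilege account,
# and restricted actions call require_role() before doing any work.

REQUIRED_ROLE = "Supervisor"  # hypothetical role name


def require_role(event, role, ask_credentials, security=None):
    """Gate a restricted action behind a user switch.

    event           -- the component event that triggered the action
    ask_credentials -- caller-supplied callable returning (username, password),
                       or None if the operator cancelled the prompt
    security        -- object exposing getRoles() and switchUser(); defaults to
                       system.security, which is built in on a Vision client

    Returns True only if the session ends up running as a user holding `role`.
    """
    sec = security if security is not None else system.security

    # Already elevated: do not prompt again.
    if role in sec.getRoles():
        return True

    creds = ask_credentials()
    if not creds:
        return False
    username, password = creds

    # switchUser(username, password, event, hideError) returns False when the
    # credentials are rejected; the current user is left unchanged in that case.
    if not sec.switchUser(username, password, event, True):
        return False

    # A successful login is not sufficient. The new user may be valid but
    # still lack the role, so re-read the roles from the session.
    return role in sec.getRoles()
```

The role check here only decides whether the script continues; the restricted windows and components should still carry their own role-based security settings so that the gate is not the only control.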