Question on hybrid security profile

Can you tell me how to impliment the hybrid security profile? I assume that I need to add a AD/Hybrid profile, but it looks like all that it is asking for is the AD information in the add screen. How do I impliment groups with this profile?

Thats the “hybrid” part of the active directory hybrid authentication profile.

Active directory provides a yes/no as to whether a given username/password is valid or not, and then FactoryPMI matches that username up with the manually-entered usernames and roles that you set up in the FactoryPMI Gateway, just like an internal profile.

It is explained in more detail in the user manual: inductiveautomation.com/prod … hybrid.htm

Hi Carl,
I must still be doing something wrong. I added the hybrid profile. Then I tried to add my user ID which is “Ron.Mayfield”, but I get an error because it does not like the period. I added David to as a user and that worked fine. I also added a roll, and added David to that roll. I then ran the project and entered David as the user name, but since I don’t know his password, I left it blank and the project still opened. I then tried other user names with blank passwords and they worked also. Any ideas?

Ok, a few things here.

About the period - this is because the internal profile’s character rules are different than active directory. This will be fixed.

The other thing is a quirk of our authentication system. In order to open a project, you simply have to have a valid username/password. Roles are not taken into account. In order to open any windows, then roles are considered in accordance to the security settings of the window.

You can add a startup script on your project that checks the user roles and calls logout() if they aren’t acceptable.

Thanks Carl and I hate to ask, but can you show me what that might look like? I am not sure how to examine the users rolls.

Something like this:

if "Administrators" not in fpmi.security.getRoles(): fpmi.security.logout()

If you need more granularity in your role inspection

authenticated = 0 roles = fpmi.security.getRoles() for role in roles: if role == "Administrators" or role == "Users": #DO SOMETHING authenticated = 1 elif role == "SomethingElse": #DO SOMETHING ELSE authenticated = 1 if authenticated == 0: fpmi.security.logout()

Ron - you might want to peruse the Technical Reference > Jython > Built-in Modules section of the user manual to find all sorts of interesting functions that you may find useful.