Can you tell me how to impliment the hybrid security profile? I assume that I need to add a AD/Hybrid profile, but it looks like all that it is asking for is the AD information in the add screen. How do I impliment groups with this profile?
Thats the “hybrid” part of the active directory hybrid authentication profile.
Active directory provides a yes/no as to whether a given username/password is valid or not, and then FactoryPMI matches that username up with the manually-entered usernames and roles that you set up in the FactoryPMI Gateway, just like an internal profile.
It is explained in more detail in the user manual: inductiveautomation.com/prod … hybrid.htm
Hi Carl,
I must still be doing something wrong. I added the hybrid profile. Then I tried to add my user ID which is “Ron.Mayfield”, but I get an error because it does not like the period. I added David to as a user and that worked fine. I also added a roll, and added David to that roll. I then ran the project and entered David as the user name, but since I don’t know his password, I left it blank and the project still opened. I then tried other user names with blank passwords and they worked also. Any ideas?
Ok, a few things here.
About the period - this is because the internal profile’s character rules are different than active directory. This will be fixed.
The other thing is a quirk of our authentication system. In order to open a project, you simply have to have a valid username/password. Roles are not taken into account. In order to open any windows, then roles are considered in accordance to the security settings of the window.
You can add a startup script on your project that checks the user roles and calls logout() if they aren’t acceptable.
Thanks Carl and I hate to ask, but can you show me what that might look like? I am not sure how to examine the users rolls.
Something like this:
if "Administrators" not in fpmi.security.getRoles():
fpmi.security.logout()
If you need more granularity in your role inspection
authenticated = 0
roles = fpmi.security.getRoles()
for role in roles:
if role == "Administrators" or role == "Users":
#DO SOMETHING
authenticated = 1
elif role == "SomethingElse":
#DO SOMETHING ELSE
authenticated = 1
if authenticated == 0:
fpmi.security.logout()
Ron - you might want to peruse the Technical Reference > Jython > Built-in Modules section of the user manual to find all sorts of interesting functions that you may find useful.