Skip to main content

i4scada Knowledge Base

Domain user login / logout

Abstract

Check out this article to learn more details about the Active Directory Login and Logout or to understand the Security Services involved in these processes.

Another login type is the domain user login (Active Directory login), most commonly met at level of organizations, companies or enterprises.

For more details regarding theEwon by HMS Networks WCF Security Service methods, please refer to the Security Service documentations.

In order for the users to be able to login through the domain, the domain security needs to be enabled under the Settings section of the i4scada Studio. Additionally, at lease one Domain name needs to be defined.

Studio_Settings_for_Domain.jpg

The Domain security settings under i4scada Studio

Login

In order to proceed with login, the user needs to enable the Domain User button in the login dialog. Further on, the user can start typing in the domain username and password and press the Login button.

Domain_login.jpg

The Domain login dialog

As soon as the Login button is clicked the requested login URL is called. Just as in case of the Ewon by HMS Networks login, the login is handled by the Security Service using the Login method.

In comparison with the Ewon by HMS Networks login, the Domain login will be validated against the Active Directory. If the validation succeeds, the user's Authorization Groups from Active Directory are matched against the user's Authorization Groups from the i4scada database and the matching Authorization Groups are applied.

Note

First time a domain user logs in, a corresponding user will be added in i4scada Studio to the User Manager list.

New_user_added_in_Studio.jpg

New domain user added to i4scada Studio User Manager

The Login method will create a security token which contains all the relevant user information, such as username, password and authorization groups.

Login Request Payload example:

{sessionId: "f8e43397-7447-457d-9d19-796*********", clientId: "2f229b36-6ade-4a36-82c6-b9c********",…}

clientId: "2f229b36-6ade-4a36-82c6-b9cad4d****"

isDomainUser: true

millisecondsTimeOut: 10000

password: "examplepassword"

sessionId: "f8e43397-7447-457d-9d19-796*********"

userName: "exampleusername"

Logout

The logout form, for a Domain user is submitted as soon as the user presses the logout button.

Logout_dialog.jpg

The Domain user logout dialog

The logout is handled by the Security Service using the LogoutByToken method.

Logout Request Payload example:

{,...}

millisecondsTimeOut: 10000

securityToken: "H4sIAAAAAAAEAAXBy5ZDMAAA0A+yMEWwNfEoLVIj2toRTkQJFe+vn3sTWLh+cFv2YbH2U9Y91xZZlzsehUZCkXRUn6FroDqH28tUjsDyt9xV7DjjLzCM7S/CYS+**********ccNZBxF0/7zrM8ML1gjDdS/3FppuQxSzTkJHq6pNKB6Erbl0V/Letgkcn8qKkF1wExAF3E54+6dSIxSZfIRvJzFORBsLOG1xYe2zqbl3mfWqWbpwXJHh/N9rzpRex+P6QeEuJrqJo031vDIZt3NSzIuZD3icNbuBq***************hHOAAEAAA=="NameLogoutByToken