Beijer ELECTRONICS X2 pro High Performance HMI Panels for All Automation Needs User Guide

Beijer ELECTRONICS X2 pro High Performance HMI Panels for All Automation

Needs

Specifications

Product Name: AdAuth – Active Directory authentication
Version: SER0076_V1.1.0
Release Date: 2023-10

Product Information

Installation Instructions

1. Unzip the zip file on the desktop.
2. Install the PASSWORD.TTF font file for use in the iX Developer by right-clicking on the file and choosing “Install for all users.”
3. Copy the AdAuth folder and its content to the folder C:UsersPublic.

Frequently Asked Questions (FAQ)
Q: What is the purpose of AdAuth?
A: AdAuth enables iX user authentication using Active Directory, allowing for secure login functionality.
Q: Which iX panels are compatible with AdAuth?
A: AdAuth can be used with any iX panel, such as X2 pro or X2 base.

iX user authentication using AD
SER0076 – AdAuth – Active Directory authentication

 Function and area of use

This document provides guidelines how to use Active Directory authentication in your iX project. It explains step-by-step how you can test run the demo project and then implement the functionality in your own project.

About this document

This quick start document should not be considered as a complete manual. It is an aid to be able to startup a normal application quickly and easily.

Copyright © Beijer Electronics, 2023
This documentation (below referred to as ‘the material’) is the property of Beijer Electronics. The holder or user has a non-exclusive right to use the material. The holder is not allowed to distribute the material to anyone outside his/her organization except in cases where the material is part of a system that is supplied by the holder to his/her customer. The material may only be used with products or software supplied by Beijer Electronics. Beijer Electronics assumes no responsibility for any defects in the material, or for any consequences that might arise from the use of the material. It is the responsibility of the holder to ensure that any systems, for whatever applications, which is based on or includes the material (whether in its entirety or in parts), meets the expected properties or functional requirements. Beijer Electronics has no obligation to supply the holder with updated versions.

Use the following hardware, software, drivers and utilities in order to obtain a stable application: In this document we have used following software and hardware

• iX Developer 2.40 SP7 or later
• •AdAuth (included in SER0076 )
• X2 series and iX PC RT (iX runtime)

For further information refer to

• iX Developer Reference Manual and iX Developer Users Guide
• Beijer Electronics knowledge database, HelpOnline
• This document and other quick start documents can be obtained from our homepage.
• Please use the address support.europe@beijerelectronics.com for feedback.

 iX user authentication using AD

The following chapters describes important procedures of installation and settings needed to get a well functioning system.
The solution makes it possible to implement AD authentication for any iX panel, e.g. X2 pro or X2 base. To use AD login from any iX panel (X2 series), the following solution can be used. The AdAuth application is a lightweight PC application (proxy) acting as TCP server and LDAP client. The iX script by default supports a local emergency user.

The zip file includes the following folders and files:

AdAuth| Folder containing AdAuth files: AdAuth.exe , AdAuth.ini and tcpServer.dll

Version 1.1.0

---|---
iX| Folder containing iX demo project (iX Developer 2.40 SP7 or later)
PASSWORD.TTF| Font file for password characters

Installation of software

1. Unzip the zip file e.g on the desktop.
2. The font PASSWORD.TTF will be used in the iX project when entering the password.
3. Right-click on the file PASSWORD.TTF and choose “Install for all users”. The font will now be possible to use in iX Developer.
4. Copy the folder AdAuth and its content to the folder C:\Users\Public .

Run AdAuth and iX demo project

1. By creating a shortcut on the desktop, it will be easier to start AdAuth .

2. Start AdAuth . It will use the domain that the PC belongs to unless you specify it in the ini file. If you want the program to start automatically, copy the shortcut to the folder
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp .

3. The ini file contains a few comments indicating possible optional settings.
   Note that a line starting with a semicolon in an ini file is a comment!
   After editing the ini file, you must restart AdAuth .

4. Once AdAuth is running, it’s time to test the iX demo project for the first time.

5. Note that the listening port of AdAuth (default 3001 ) TCP must be open in the firewall

6.  Open the iX demo project in iX Developer 2.40 SP7 or later.

7. Open the script module scmSecurity and check / adjust the IP address referenced in the script. If you want to test run it on the same machine as AdAuth, you can use localhost (address 127.0.0.1) that is default in the iX demo project.

8. Press the green Run button in iX Developer.

9. In the iX demo project, press Login/Logout and enter your AD domain login. User name and password are sent encrypted.

10.  This result in a response from AD and AdAuth saying what groups you belong to in a debug textbox (see image)

11. If there is a match with any iX Developer Security groups, you are logged-in into iX Security as your user name with access to those groups.

12.  If there’s no match it will says “Login Failed”.

13. Since character ” ” (space) or “.” (dot) are not allowed in iX Security group names, it’s replaced by “_” as in “Floor 5” (image).

14. Login attempts are logged in AuditTrail (see image)

15. Debug window in AdAuth (image)

16. To add the solution to your own iX project, you will have to do the following:
    Import the script module scmSecurity and the screen popLogin. Style popLogin so that it matches your project.

17. Adjust the Security settings (see image) so that iX Developers own built-in login dialog isn’t used.

18.  In the picture below, the button requires Security group “Administrators” with and the behaviour follows the “Default” settings as specified above.

19. There should be only one single dummy user “Administrator” configured in iX Security withthe password “Password” to match the script (see image)

20. The iX Security groups used in the project should match some of the AD Security groups.

21. If you choose to import also the screen “_bg”, “Screen1” and “Screen2”, you will automatically get the Login/Logout button, the system tag SystemTagCurrentUser and the AuditTrailViewer as in the demo project.

Emergency user
Note! The iX script by default supports a local emergency user. This is optional but might be good if you expect the AD server to be unavailable sometimes.
This user can easily be disabled, and the name of this user (default “Local”) can be easily adjusted as well as the password.

 About Beijer Electronics

Beijer Electronics is a multinational, cross-industry innovator that connects people and technologies to optimize processes for business-critical applications. Our offer includes operator communication, automation solutions, digitalization and support. As experts in user-friendly software, hardware and services for the Industrial Internet of Things, we empower you to meet your challenges through leading-edge solutions.
Beijer Electronics is an Ependion company. Ependion (formerly Beijer Group) is listed on the NASDAQ OMX Nordic Stockholm Mid Cap list under the ticker EPEN.
www.ependion.com

Contact us
Global offices and distributors

References

• Contact us - Beijer Electronics
• Help online - tree view - Beijer Electronics

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>