Windows Authentication
The security section of the CIMPLICITY Workbench allows an administrator to set up Windows Authentication under the domain settings. This authentication setting is enabled via the "Enable Windows Authentication" check box as shown below.
With this authentication enabled the administrator has access to the Authentication types "Windows Domain" and "Windows Domain with Group Mapping" as shown below.
If "Windows Domain" is chosen, then the password and user name supplied to the server from an OPC UA client must match those on the domain being used by the CIMPLICITY project.
The same is true if "Windows Domain with Group Mapping" is chosen. In this case, the role and resources of the user will be updated to match those delegated by the Windows authentication panel. In the example above, a user belonging to the Domain Users Windows group will inherit a role of USER and the resource $MAC_FR. If a user is in multiple groups, the group with the highest priority will be used to determine the role and resources. If the user is not in any of the groups listed, then the user will be rejected.
In the case that the CIMPLICITY user does not exist, the server will attempt to use Windows authentication with the credentials supplied from the OPC UA Client. In this case, if the user is found in the groups specified above, a CIMPLICITY user will be created with the authentication type "Windows Domain with Group Mapping" and inherit the role and resources of that group.
The user name provided from the client must be in the form of username@domain or domain\username, where the domain is a case insensitive match to the domain chosen in the project's Windows Authentication page.