In Niagara, you can use the Client Certificate Authentication feature
to facilitate a “kiosk-like” application. This would be useful for
the purpose of providing an information display in a lobby, or an
operator terminal in a mechanical room, where the browser automatically
connects and authenticates to the station without user interaction.
This procedure is performed by the Station Admin.
- In a Property Sheet view of the station’s Services container, click to expand and confirm that the Auto Attempt Single
Sign On property is set to false.
This allows authentication to bypass the automatic SSO logon
prompt when a user access the station.
- Follow the workflows provided to “Set up client certificate
authentication” (described in the Station Security Guide, User Authentication
chapter).
Note: You will need to complete the procedures for both the
Admin and User workflows for client certificate authentication. You
will be creating a client certificate for a new user for the kiosk-like
mode on this station, and you will also configuring this user for
client certificate authentication.
- In the NavTree, double-click on the UserService to open
the User Manager view, and click New to create a new station user (e.g., “kioskUser”), and configure
the new user as follows:
- For Auto Logoff Enabled, click
the checkbox to deselect (disable) it.
- For the Authentication Scheme Name click the dropdown list and click to select ClientCertAuthScheme
- For Password, enter the required
Private Key Password for the user’s client certificate.
- In User Manager view, click the Views dropdown list and click on Permissions
Browser.
- In the Permissions Browser expand
folders and confirm that this new user has a limited permissions set,
appropriate for this kiosk-like mode.