Document change log

December 6, 2024

• Added "Encrypted hashed passwords" topic to "Secure communication" chapter (as of Niagara 4.15).

• Added "Setting up PKI authentication" topic to "User authentication" chapter (as of Niagara 4.15).

• Added "PKI Authentication Scheme (clientCertAuth-PKIAuthenticationScheme", "CA Configuration (clientCertAuth-CAConfiguration", and "Ca Cert And Crl (driver-CaCertAndCrl)" component topics (as of Niagara 4.15).

• Added "Fox Over WebSocket connection" chapter (as of Niagara 4.15).

• Added "Importing incomplete certificate into User Key Store" (as of Niagara 4.15).

• Updated "Station Auto Logoff" topic to include the "Absolute Logoff Enabled" option (as of Niagara 4.15).

• Added "Encrypted hashed password" chapter (as of Niagara 4.15).

• Added "Bog File Protection tool" topic (as of Niagara 4.15).

• Added "Adding and removing users from .bog file" topic (as of Niagara 4.15).

• Added "Reverting station for compatibility" topic (as of Niagara 4.15).

August 28, 2024

• Added "Setting up PKI authentication" chapter, "clientCertAuth-PKIAuthenticationScheme", "clientCertAuth-CAConfiguration", and "driver-CaCertAndCrl" component topics (as of Niagara 4.15).

• Added store size limit information to “Platform Certificate Management (platCrypto-CertManagerService)” topic (as of Niagara 4.15).

• Added new topic “Export Client Certificate in PKCS12 Format” to the “User Authentication” chapter (as of Niagara 4.15) .

May 28, 2024

• Updated “SAML Authentication Scheme (saml-SAMLAuthenticationScheme)” to include the “Requested Authentication Comparison Mode” property (as of Niagara 4.14).

• Updated TLS Settings in “Configuring secure platform communication” information to reflect JACE-9000 requirements.

• Updated “Setting up Google Authentication” topic to include information on OTP code.

• Added OTP code information when using Google Authentication to “User authentication troubleshooting” topic.

• Added new topic “SAML Password based Authentication” to the “User Authentication” chapter.

• Added new property “Requested Authentication Type” in the “SAML Authentication Scheme” topic to the “ Components” chapter.

• Updated guide based on general security review.

• Added new topic “Changing user password” to the “User Authentication” chapter

• Added “Displaying reachable stations on Security Dashboard” topic (as of Niagara 4.14).

June 19, 2023

• Added “Email Authenticator” options to “Securing emails” chapter (as of Niagara 4.13).

• Added JACE-9000 reference.

• Added “nss-SecurityDashboardDeviceExt”, “nss-ReachableStationSecurityDashboardExt”, and “nss-SecurityDashboardDataImport” component topics.

• Updated “Security Dashboard Overview” on certificate data.

• In “Platform TLS settings”, added details about updated “Certificate Alias”, “Certificate Password”, and “Use Global Certificate Password” property.

• In “Creating a server certificate”, added details about the unique private key password and global certificate password.

• Added “Creating a Client Certificate for Syslog configuration” topic to Secure Communication chapter.

• Removed some component topics that are present in the Getting Started with Niagara.

• Added new topic “HTML5 Certificate Ux Mangement View” to the “Plugins” chapter.

October 14, 2021

Added property description to WebService component Https Min Protocol property regarding addition of TLSv1.3 option.

May 19, 2021

Added Same Site property in web-WebService component topic.

April 29, 2021

In topic “Security best practices” changed the jpeg files to png.

January 26, 2021

Replaced the Screen capture of “Generate Self-Signed Certificate window” and added the Key usage. Updated the “Security Dashboard feature” and “nss-SecurityDashboardView” topics with added details on the System View feature.

October 13, 2020

Updated to include details on bulk certificate signing using the Workbench Certificate Signing Multiple Selection tool, available in Niagara 4.10 and later.

July 10, 2020

Added a new component Http Header Providers in web-WebService topic.

June 29, 2020

Added the topic: “Vulnerability management tools”

April 23, 2020

Minor edit to the topic, “Preliminary steps” in the section on setting up SAML IdP Service.

April 1, 2020

Added the procedure, “Installing a station copy on a different platform”. Also, edited this document for consistency and clarity.

March 6, 2020

Added the procedure, “Setting up alarming for certificate expiration”, in the “Secure communication” chapter. Also added the following component topics to support online help: nss-ExpiryAlarmExt and nss-CertificateInfo.

January 22, 2020

Updated for Niagara 4.9.

• Added new content on the SAML IdP Service in the “Single Sign On” section and in the “Components” section.

• Also, replaced references to “applet” and “WebStart” with “Web Launcher”.

• In the topic, “Security precautions”, added a caution note alerting customers to restrict access to all computers, devices, field buses, components, etc., that manage their building model.

• Added section on the Certificate Wizard platform tool.

September 25, 2019

In Chapter 2, added content on using the Certificate Wizard.

July 25, 2019

Many changes throughout to support the Niagara 4.8 release, including the following edits:

• In Chapter 1, added a section on the “Security Dashboard feature”.

• In Chapter 3, edited “Configuring a user for Client Certificate Authentication”, and added a new procedure for “Enabling a kiosk-like mode using client certificate authentication”.

• In Chapter 4, added a note to the “Reviewing permissions” procedure.

• In Chapter 5, added a component topic on the “nss-SecurityService”, and view topic on the “nss-SecurityDashboard”. Also added information about the Station Link Config property to the “nss-SecurityService” component topic. Edited the “wbutil-PermissionsBrowser” topic, to add information on improvements to the Permissions Browser view.

February 11, 2019

• In Chapter 3, edited the “Authentication Schemes” topic to add information on the Client Certificate Authentication Scheme and the GoogleAuthenticationScheme.

• In Chapter 3, added two sections with associated procedures: the ”Admin workflow for client certificate authentication” and “User workflow for client certificate authentication”.

• Added these component topics to Chapter 5: “clientCertAuth-ClientCertificateAuthenticationScheme” and “gauth-GoogleAuthenticationScheme”.

November 14, 2018

• Edited the component topic, “saml-SAMLAttributeMapper”, to add information on a recent configuration change to handle multiple values returned from the IdP for the prototypeName attribute.

• Edited the component topic, “saml-SAMLAuthenticationScheme”, to add information on SAML metadata URL which can automatically generate the station's SAML metadata XML.

• Added the component topic, “saml-SamlXmlDecrypter” which you can add to a SAMLAuthenticationScheme to configure a certificate for decryption.

• Edited component topics, “wbutil-CategoryBrowser” and “wbutil-CategorySheet” to add note on behavior new in Niagara 4.8.

• Minor changes in the procedure, “Customizing SAML attribute mapping".

August 8, 2018

Correction to specified SP metadata in prerequisites for “Configuring the SAML Authentication Scheme” procedure.

May 17, 2018

Added a caution regarding giving admin write permissions on the Role Service to the following topics: Roles and permissions”, “Role Service”, and “Role Manager”.

March 2, 2018

In the “Single Sign On” and “Components” sections, added information on the baja-UserPrototype which is required for SAML authentication; also added the procedure, “Creating a User Prototype for SAML authentication”.

February 15, 2018

Edited the procedure, Configuring the SAML Authentication scheme,” to add information on required SAML SP metadata that must be shared with the SAML IdP. Expanded on information provided in the “saml-SAMLAttributeMapper” component topic, and added a procedure for “Customizing SAML attribute mappings”.

January 24, 2018

Changed the topic title “Auto Logoff" to “Station Auto Logoff” and clarified wording throughout. Also edited property descriptions for Auto Logoff settings in the “baja-UserService” component topic.

November 13, 2017

In the topic, “About station security”, under authorization management list item, deleted a note discussing unsupported tagged categories.

October 12, 2017

• In the User Authentication chapter, edited the “Authentication Schemes” topic; added the “Single Sign On” and “Auto Logoff” topics; and added these procedures: “Configuring the SAML Authentication Scheme” and “Logging in with SSO”.

• In the Components chapter, added the ”saml-SAMLAttributeMapper”, and “saml-SAMLAuthenticationScheme” topics; and edited the “baja-SSOConfiguration”, and “baja-UserService” topics.

• Edited the topics in the Secure Communication chapter, rewriting “Creating a server certificate,” adding “Creating a root CA certificate, and “Creating a code-signing certificate.”

• Added “Provisioning a job to install a certificate” to the same chapter.

• Added references to code-signing certificates through the chapter.

• Added “Certificate Export windows” to the Components, views and windows chapter.

September 20, 2017

• Added the topic “When a certificate expires” to the “Certificate Setup” chapter.

• Updated multiple topics in the “Certificate Setup” chapter to include the code-signing certificate.

September 14, 2017

Updated the WebService property description in web-WebService topic.

September 13, 2017

Updates to WebService properties and descriptions in the web-WebService component topic

August 31, 2017

July 13, 2016

Updated to support rebranding (minor changes throughout)

November 6, 2015

Updates to WebService properties description in web-WebService component topic

August 23, 2015

Initial release document