Logging on to a station

Using TLS, a secure communication session is established before the system asks for your user credentials. When you log on using the station Authentication window, the system confirms your identity, which determines your Nav tree configuration and the components you have permission to access. The system is designed to require minimum interaction while providing a secure connection and ensuring authorized access.

An authentication scheme has been assigned to each user, and a user name and password created.
This procedure demonstrates user authentication using the default DigestScheme.
  1. Open the station.

    The system opens a station Connect window.



    This window initiates the process of verifying the server.

  2. Enter the IP address or confirm the default address and click OK.
    If no matching root CA certificate can be found in the client’s System or User Trust Stores, the system presents a default certificate for your approval.
  3. If you are presented with a certificate, make sure you recognize the certificate’s Issued By and Subject properties.
    CAUTION: Do not approve a certificate if you do not recognize these properties. The weakest link in the security chain is the user who simply clicks OK without thinking.

    The system displays the station Authentication window.



  4. If you are logging on for the first time, enter your user name.
    Stations can have many authentication schemes. The first time you log on to a new station the system allows you to enter the Username. It uses this information to determine what authentication scheme to use. After that initial logon, you cannot change the user because another user may use a different scheme with different credential requirements. The Change User link provides a way for a different user with a different authentication scheme to log on.
  5. To change to a different user, click the Change User link and enter a different name.
  6. Enter your station password, select Remember these credentials and click OK.
    When you select the Remember these credentials check box, the system saves the last user name and password you entered and defaults to them the next time you log on.
This procedure establishes a secure TLS connection to the station using the Foxs protocol over port 4911 (this is the default port).

The default logon threshold is five attempts. If you make five unsuccessful attempts to log in during a 30-second period the system locks you out for 10 seconds. You may change the logon threshold in the UserService.

To log off, close Workbench or the browser.

Each authentication scheme supports its own audit log, including saving date, user, and event. This information is written to the AuditHistory in the following location: Station > History > <station name> > AuditHistory. Permission must be assigned to this file in the RoleService to grant a user access to view it.