6 Replies Latest reply on Jul 21, 2016 3:03 PM by Bryan Owen

    PI AF Security Design

    TomMcCarthyNeoPLM

      HI All,

       

      I am trying to configure my development system to allow Windows integrated security for my AF SDK application.  I have tried to configure the security in the AF Builder tool, but can't seem to get it to work.  Is there a good troubleshooting guide that I can use to resolve my issue?

        • Re: PI AF Security Design
          pmartin

          Hi Tom,

           

          We have a general guide for troubleshooting connectivity here: KB01154 - Troubleshooting connectivity to the PI System

           

          But in terms of specifics:

          What kind of application are you developing?

               Is it a web application, console application, windows forms application, etc?

          What kind of behavior are you seeing with your program? What type of error are you getting?

           

          If you are trying to connect to your PI Data Archive with the AF SDK, check the message logs when you run your program.

          If you are trying to connect to your AF structure, verify that you can access what you are trying to using PI System Explorer.

            • Re: PI AF Security Design
              TomMcCarthyNeoPLM

              Hi,

               

               

               

              I am writing a windows service actually.  When I run the application on

              some machines I get a

               

               

               

               

               

              Error, when I first try to open the af database.  I did notice that on the

              machines that exhibit this behavior,  I am challenged to enter credentials

              when using system explorer, but for those where my app runs I am not

              challenged.  I have been trying to adjust the security credentials in the

              system explorer, but cannot find the root cause of the problem.  I am

              hoping the troubleshooting guide might shed some light.

            • Re: PI AF Security Design
              jyi

              Hi Tom,

               

              Perhaps this article may help you troubleshooting the AF security issues: KB01039 - AF and Authentication Across Domains

              Please also let us know your network architecture. Is the app node in workgroup, in the same domain or in different domain?

              • Re: PI AF Security Design
                vkaufmann

                Hi Tom,

                 

                What AF Server version are you using and what credential have you given your application to authenticate with? Can you successfully connect with that same credential that you've given your AF SDK application via PSE or other PI clients?

                  • Re: PI AF Security Design
                    TomMcCarthyNeoPLM

                    Hi,

                     

                     

                     

                    I believe the server version is 2012, I can get more specific information

                    if required.  I have been trying to enable all domain users to

                    automatically have rights to view the data.  What I have seen, which I

                    think is a bit odd, is that I can be logged in as a domain user, and launch

                    the PI System Explorer and I will be challenged, but when I re enter my

                    credentials in that tool, I am granted access.  Again it happens on

                    certain machines only.

                  • Re: PI AF Security Design
                    Bryan Owen

                    Since this is a dev environment you might try opening a file share on the server to help shakedown single sign on.

                     

                    Once you can remotely access shares without a challenge you are halfway home.

                     

                    The next step is commissioning Kerberos, although many standalone dev environments skip this step.

                     

                     

                    btw>  at your discretion, this might be a good topic to tag as 'security'