5 Replies Latest reply on Jul 11, 2018 1:03 PM by LucasERAS69

    Allow PI Vision to search for data without Kerberos


      I'd like to allow PI Vision to search my databases without having the authentification set to "Kerberos". Is it possible?

        • Re: Allow PI Vision to search for data without Kerberos

          Hi Lucas


          Could you please let us know the reason why you would like to turn off Kerberos. You can add trust based but it is not recommended. Rather I would suggest creating a service account and set delegation set for the service account and PI system(AF and PI data archive)



          Lal Babu Shaik

          • Re: Allow PI Vision to search for data without Kerberos

            Hi Lucas,


            You could use Basic Authentication.The following is from KB01709:


            Basic Authentication is an alternative to using Windows Integrated Security in PI Vision. During basic authentication, end users must manually enter their username and password in their browser to be sent in an unencrypted format to the PI Vision server. With these credentials, PI Vision constructs a Windows token with which it can access the PI AF Server and PI Data Archive. This authentication method precludes the need for Kerberos delegation, making it more easily compatible in multi-domain scenarios. Due to the unencrypted transmission of credentials, it is critical to protect communications with PI Vision using HTTPS and TLS when using basic authentication.


            If IIS is on the same node as the Data Archive and AF Server, you could also authenticate with NTLM and PI Vision will impersonate your user to the other resources on the node depending on group policy settings. If the Web Server is on a different node you would need to configure delegation if using WIS.


            The following Live Library article shows how to enable Basic authentication: https://livelibrary.osisoft.com/LiveLibrary/content/en/vision-v2/GUID-9CF76AC8-BBB9-4E1C-A77C-63373901E64A

            PI Vision


            Does this information help? Or are you having an issue with the Web API and/or crawler connecting to the databases?