Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Application Server

TABLE OF CONTENTS

Troubleshooting connection problems

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJan 16, 2025
  • 4 minute read

The Federated Identity Provider plugin supports registering up to 100 System Management Servers (SMS) or Redundant SSO Servers (RSSO) with an CONNECT account. If you exceed this limit, the Configurator displays the following error message:

Warning message if the number of federated identity provider limits are exceeded

To continue with the registration process, do these steps (detailed instructions follow).

  1. Delete stale or unused application URLs from your CONNECT account. This step alone could resolve a limitation issue. If not, proceed with the following steps.

  2. Acquire an access token.

  3. Configure an application.

  4. Add URLs to an existing application.

  5. Add a new application.

  6. Register the System Management Server or Redundant SSO Server with CONNECT via Powershell.

Delete stale or unused application URLs from CONNECT

  1. Log into your CONNECT account.

    Note: You must be an administrator on your CONNECT account to perform this operation.

  2. Select an application. The Edit Application slide-in pane appears.

  3. Scroll down to the listed Redirect and Log out URLs.

  4. Select the delete (trash can) icon to delete a URL.

    Seeing linked applications in AVEVA CONNECT

  5. Repeat step 4 for all stale or unused URLs for each application.

    Acquire an access token

    1. Open the browser and navigate to CONNECT.

    2. Sign in with your user credentials, and if prompted, select the appropriate account.

    3. Select Integrations from the left navigation pane.

      AVEVA CONNECT menus

    4. Select Access tokens and then select Create access token to create a new access token.

      Access Tokens listed in AVEVA CONNECT

    5. For Access Token Configuration, select Advanced.

    6. Select Account access token option.

      Ensure that the Roles include On-Premise Identity Integration (AIM) and record the access token.This is required later during the registration process.

      Configure an application

      Link the redirect URLs and logout URLs with an application. Each application can support 100 redirect URLs and 100 logout URLs.

      1. Select Integrations from the left navigation pane.

      2. Select Applications.

        By default, the screen displays the FID_PCSSystemManagementServer application. This application is automatically created by the Federated Identity Provider configurator plugin.

        Add URLs to an existing application

        1. If you have any other applications listed other than the default application, select the other application.

        2. Confirm whether the application Type is set to PCS On-Premises Identity Integration.

          If the application Type is not set to PCS On-Premises Identity Integration, ignore the application as it was created for a different purpose.

        3. Scroll through the redirect URLs and select Add redirect URL.

        4. Add a redirect URL in the format https://{fqdn}/identitymanager/signin-avevaconnect (where {fqdn} is your fully qualified domain name, such as mycomputer.mydomain.com).

        5. Scroll through the logout URLs and select Add logout URL.

        6. Add a logout URL in the format https://{fqdn}/identitymanager/signedout-callback-avevaconnect (where {fqdn} is your fully qualified domain name, such as mycomputer.mydomain.com).

        7. Record the Client ID for the application.

          Add a new application

          If the application FID_PCSSystemManagementServer is the only application, or if the other application has also reached the limit of 100 redirect URLs and 100 logout URLs, then create a new application before adding in your redirect and logout URLs.

          1. Select Create application to create a new application for AIM integration.

          2. Select the Type as PCS On-Premises Identity Integration.

          3. Record the Client ID field. This is required later during the registration process.

          4. Scroll through the redirect URLs and select Add redirect URL.

          5. Add a redirect URL in the format https://{fqdn}/identitymanager/signin-avevaconnect (where {fqdn} is your fully qualified domain name, such as mycomputer.mydomain.com)..

          6. Scroll through the logout URLs and select Add logout URL.

          7. Add a logout URL in the format https://{fqdn}/identitymanager/signedout-callback-avevaconnect (where {fqdn} is your fully qualified domain name, such as mycomputer.mydomain.com)..

            Register the System Management Server or Redundant SSO Server with CONNECT via Powershell

            On the computer that is configured as the System Management Server (or RSSO), launch Powershell as an administrator and run the following commands:

            $AccessToken = ConvertTo-SecureString -String "********" -AsPlainText -Force Add-PcsAuthenticationProvider -name AvevaConnect -ClientID ******** -Endpoint https://signin.connect.aveva.com -ServicesEndpoint https://services..aveva.com/ -AccessToken $AccessToken

            TitleResults for “How to create a CRG?”Also Available in