Configure Water Loss or Water Simulation with AIM
- Last Updated: Jun 11, 2024
- 2 minute read
Configure Schneider Electric (SE) Water Loss (WL) authentication service to use AVEVA Identity Manager (AIM) as Identity Provider.
Note: To configure Schneider Electric Water Simulation (WS) authentication service to use AVEVA Identity Manager (AIM), follow the same procedure with Water Simulation Server.
In the example provided, we are considering swgr.sw.uoc as the AIM Server FQDN and swwl.sw.uoc as the FQDN of SE Water Loss server. The SE WL authentication service is listening on port 8000. When configuring your environment, adjust the commands and configurations to match your names and ports.
Configure Water Loss with AIM
1. Add new client to AIM.

   Run the following command in PowerShell on the AIM Server.

   Add-IdentityManagerClient -HostBase https://swgr.sw.uoc -Name SEWL -Id sewl `
       -Secret xxxxxxxxxxxxx -Uri https://swwl.sw.uoc/ `
       -PostLogoutRedirectUris https://swwl.sw.uoc:8000/signin-oidc `
       -RedirectUris https://swwl.sw.uoc:8000/signin-oidc,https://swwl.sw.uoc:8000/signin-azureoidc,https://swwl:8000/signin-oidc,https://swwl:8000/signin-azure-oidc `
       -AllowedGrantTypes Hybrid `
       -ScopeRestrictions system,openid,roles,profile,offline_access,email `
       -AllowXFrameCrossOrigin $true
2. Get the AIM Root SSL Certificate and install it on the WL Auth machine.

   If you are using a self-signed certificate for AIM, you must import the Root Certification Authority certificate on the SE WL machine.

   To do so, go to the AIM server and open the Machine Certificates console (run certlm.msc). Find the certificate of the Root Certification Authority used to sign the AIM certificate and export it (without the private key). Copy the exported certificate to the SE WL machine and install it there. This removes any certificate or SSL error you might get when trying to use AIM as Identity Provider.
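The export, import and verification described in step 2, as an added PowerShell example (not from the AVEVA or Schneider Electric documentation). It walks the chain of the AIM server certificate to its self-signed root instead of relying on the direct issuer, exports the root as DER without the private key, refuses to import on the WL machine unless the thumbprint matches the one recorded on the AIM side, and then opens a TLS session to confirm the chain validates. Assumed: the AIM TLS certificate sits in Cert:\LocalMachine\My with the FQDN from this page (swgr.sw.uoc) in its subject, and the file path C:\Temp\aim-root-ca.cer is a placeholder.

```powershell
# Added example, not part of the original page. Run Export-AimRootCa on the AIM
# server, copy the .cer file to the WL machine, then run Import-AimRootCa and
# Test-AimTls there. Paths and FQDN are assumptions; adjust to your environment.
param(
    [string]$AimFqdn    = 'swgr.sw.uoc',             # AIM server FQDN used on this page
    [string]$ExportPath = 'C:\Temp\aim-root-ca.cer'   # placeholder path for the exported root
)

# --- AIM server: find the leaf certificate and export the root of its chain ---
function Export-AimRootCa {
    param([string]$Fqdn, [string]$Path)

    $leaf = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$Fqdn*" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $leaf) { throw "No certificate for $Fqdn found in Cert:\LocalMachine\My" }

    # Build the full chain so the last element is the actual root CA, not an intermediate.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $null  = $chain.Build($leaf)
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # A root CA is self-signed: subject and issuer are the same name.
    if ($root.Subject -ne $root.Issuer) { throw "Chain did not terminate at a self-signed root" }

    # -Type CERT writes a DER-encoded public certificate; no private key is exported.
    Export-Certificate -Cert $root -FilePath $Path -Type CERT | Out-Null
    Write-Host "Exported root '$($root.Subject)' (thumbprint $($root.Thumbprint)) to $Path"
    return $root.Thumbprint   # record this and compare it on the WL machine
}

# --- WL machine: import the root only if it is the one exported above ---
function Import-AimRootCa {
    param([string]$Path, [string]$ExpectedThumbprint)

    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    # The thumbprint is compared out-of-band so a file swapped in transit is not trusted.
    if ($cer.Thumbprint -ne $ExpectedThumbprint) { throw "Thumbprint mismatch, refusing to import" }

    Import-Certificate -FilePath $Path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    Write-Host "Installed '$($cer.Subject)' into LocalMachine\Root"
}

# --- WL machine: confirm TLS to AIM now validates with the machine trust store ---
function Test-AimTls {
    param([string]$Fqdn, [int]$Port = 443)

    $client = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
    try {
        # No custom validation callback: AuthenticateAsClient throws if the chain is
        # untrusted or the certificate name does not match $Fqdn.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream())
        $ssl.AuthenticateAsClient($Fqdn)
        return $ssl.IsAuthenticated
    } finally {
        $client.Dispose()
    }
}

# Usage (AIM server):  $tp = Export-AimRootCa -Fqdn $AimFqdn -Path $ExportPath
# Usage (WL machine):  Import-AimRootCa -Path $ExportPath -ExpectedThumbprint $tp
#                      Test-AimTls -Fqdn $AimFqdn
```

Test-AimTls deliberately uses the default certificate validation rather than a callback that returns $true; if it still throws after the import, the root was not the one that signed the AIM certificate, or the AIM certificate does not carry the FQDN the WL service connects to.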
3. Add signin-oidc to the Database.

   You need to add the signin-oidc path as one of the accepted RedirectUris of the client with ClientId angularclient in the SE WL Identity database. To do this, run the following command after connecting to the corresponding database (change the SE WL server FQDN to match yours):

   UPDATE OpenIddictApplications
   SET RedirectUris='["https://swwl.sw.uoc/signin-azureadoidc","https://swwl.sw.uoc/signin-oidc"]'
   WHERE ClientId='angularclient';
4. Configure the Authentication Service.

   Add the following configuration under AzureAD in the SE WL Auth service appsettings.json file.

   The ClientId and ClientSecret values must match the ones you specified in the PowerShell command in Step 1.

   "AIM": {
     "DirectoryId": "https://swgr.sw.uoc/identitymanager",
     "ClientId": "sewl",
     "ClientSecret": "xxxxxxxxxxxxx"
   }
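Steps 3 and 4 carried out together, as an added PowerShell example (not from the AVEVA or Schneider Electric documentation). Two points the steps leave implicit are made explicit here: the UPDATE in step 3 replaces the whole RedirectUris list, so this script reads the current list and merges the two URIs into it instead of overwriting it (dropping a URI the Angular client still needs breaks sign-in, adding an unexpected one widens where tokens may be sent); and the AIM section in step 4 must carry the same ClientId and a real ClientSecret from step 1, so the script writes that section and then checks it. Assumed: the Identity database is SQL Server reachable through Invoke-Sqlcmd from the SqlServer module, the AIM section goes at the top level of appsettings.json next to AzureAD, and the instance, database and file path values are placeholders.

```powershell
# Added example, not part of the original page. Instance, database and path
# values are placeholders; FQDNs and ClientId are the ones used on this page.
param(
    [string]$SqlInstance = 'localhost',
    [string]$Database    = 'SEWLIdentity',                  # placeholder database name
    [string]$WlFqdn      = 'swwl.sw.uoc',
    [string]$AimFqdn     = 'swgr.sw.uoc',
    [string]$ClientId    = 'sewl',
    [string]$AppSettings = 'C:\SEWL\Auth\appsettings.json'  # placeholder path
)

# Merge the required URIs into the existing JSON array rather than replacing it.
function Merge-RedirectUris {
    param([string]$CurrentJson, [string[]]$Required)

    # OpenIddict stores RedirectUris as a JSON array; a NULL column is treated as empty.
    $list = @()
    if (-not [string]::IsNullOrWhiteSpace($CurrentJson)) { $list = @(ConvertFrom-Json $CurrentJson) }
    foreach ($u in $Required) {
        # Only absolute HTTPS URIs are acceptable as OIDC redirect targets.
        if (-not [uri]::IsWellFormedUriString($u, 'Absolute') -or -not $u.StartsWith('https://')) {
            throw "Refusing malformed or non-HTTPS redirect URI: $u"
        }
        if ($list -notcontains $u) { $list += $u }
    }
    # -InputObject @(...) keeps a single entry as an array; -Compress keeps one line.
    return ConvertTo-Json -InputObject @($list) -Compress
}

function Update-AngularClientRedirects {
    $required = @("https://$WlFqdn/signin-azureadoidc", "https://$WlFqdn/signin-oidc")

    $row = Invoke-Sqlcmd -ServerInstance $SqlInstance -Database $Database `
        -Query "SELECT RedirectUris FROM OpenIddictApplications WHERE ClientId='angularclient'"
    if (-not $row) { throw "No OpenIddict application with ClientId 'angularclient' found" }

    $merged = Merge-RedirectUris -CurrentJson ([string]$row.RedirectUris) -Required $required
    # The merged value has been validated above; single quotes are doubled for T-SQL anyway.
    $literal = $merged.Replace("'", "''")
    Invoke-Sqlcmd -ServerInstance $SqlInstance -Database $Database `
        -Query "UPDATE OpenIddictApplications SET RedirectUris='$literal' WHERE ClientId='angularclient'"
    Write-Host "RedirectUris for angularclient is now $merged"
}

# Write the AIM section from step 4 with the secret taken from a prompt, not from source.
function Set-AimSection {
    param([securestring]$Secret)

    $cfg   = Get-Content $AppSettings -Raw | ConvertFrom-Json
    $plain = (New-Object System.Net.NetworkCredential('', $Secret)).Password
    $aim   = [pscustomobject]@{
        DirectoryId  = "https://$AimFqdn/identitymanager"
        ClientId     = $ClientId
        ClientSecret = $plain
    }
    # -Force replaces an existing AIM section instead of failing or duplicating it.
    $cfg | Add-Member -NotePropertyName 'AIM' -NotePropertyValue $aim -Force
    $cfg | ConvertTo-Json -Depth 10 | Set-Content $AppSettings -Encoding UTF8
}

# Check that what is on disk agrees with the client registered in step 1.
function Test-AimConfig {
    $cfg = Get-Content $AppSettings -Raw | ConvertFrom-Json
    $problems = @()
    if (-not $cfg.AIM) { return @('appsettings.json has no AIM section') }
    if ($cfg.AIM.ClientId -ne $ClientId) {
        $problems += "ClientId '$($cfg.AIM.ClientId)' does not match the -Id value from step 1 ($ClientId)"
    }
    if ($cfg.AIM.DirectoryId -ne "https://$AimFqdn/identitymanager") {
        $problems += "DirectoryId does not point at https://$AimFqdn/identitymanager"
    }
    if ([string]::IsNullOrWhiteSpace($cfg.AIM.ClientSecret) -or $cfg.AIM.ClientSecret -match '^x+$') {
        $problems += 'ClientSecret is empty or still the xxxxxxxxxxxxx placeholder'
    }
    return $problems
}

# Usage:
#   Update-AngularClientRedirects
#   Set-AimSection -Secret (Read-Host -AsSecureString 'Client secret given to -Secret in step 1')
#   Test-AimConfig | ForEach-Object { Write-Warning $_ }
```

The secret is prompted as a SecureString and only unwrapped at the moment it is written to appsettings.json, so it never lands in the script file or the PowerShell history; Test-AimConfig returns an empty list when the section matches step 1, and one message per mismatch otherwise.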