Setting up Web Reporter Login Bypass in StruxureWare Power Monitoring Expert 7.2
04/2013
Schneider Electric
Safety information
Important information
Read these instructions carefully and look at the equipment to become
familiar with the device before trying to install, operate, service or maintain
it. The following special messages may appear throughout this manual or
on the equipment to warn of potential hazards or to call attention to
information that clarifies or simplifies a procedure.
The addition of either symbol to a “Danger” or “Warning” safety label indicates
that an electrical hazard exists which will result in personal injury if the
instructions are not followed.
This is the safety alert symbol. It is used to alert you to potential personal injury
hazards. Obey all safety messages that follow this symbol to avoid possible
injury or death.
DANGER
DANGER indicates an imminently hazardous situation which, if not avoided, will result
in death or serious injury.
WARNING
WARNING indicates a potentially hazardous situation which, if not avoided, can result
in death or serious injury.
CAUTION
CAUTION indicates a potentially hazardous situation which, if not avoided, can result
in minor or moderate injury.
NOTICE
NOTICE is used to address practices not related to physical injury. The safety alert
symbol shall not be used with this signal word.
Please note
Electrical equipment should be installed, operated, serviced and maintained only
by qualified personnel. No responsibility is assumed by Schneider Electric for any
consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the
construction, installation, and operation of electrical equipment and has received
safety training to recognize and avoid the hazards involved.
CONTROLLED DISTRIBUTION
© 2013 Schneider Electric. All rights reserved.
Notices
ION, ION Enterprise, Modbus, Modicon, Power Measurement, PowerLogic,
Schneider Electric, and System Manager are either trademarks or registered
trademarks of Schneider Electric in France, the USA and other countries. All
other trademarks are property of their respective owners.
This product must be installed, connected and used in compliance with prevailing
standards and/or installation regulations. As standards, specifications and
designs change from time to time, always ask for confirmation of the information
given in this publication.
Schneider Electric
35 rue Joseph Monier
92500 Rueil-Malmaison, France
www.schneider-electric.com
Table of Contents
Safety information
Important information
Please note
Notices
Table of Contents
Overview
Installation and Configuration
Have a secure connection to Power Monitoring Expert SQL Server
Configure Users in Power Monitoring Expert
Run the Web Reporter Login Bypass Installer
Add SQL Server Login
If Using Windows Authentication
If Using SQL Server Authentication
How To Build the Single Sign On URL
Display a specific Report
Configuring PowerLogic SCADA 7.2 to use SSO
Document Revision
Index | Date       | Author     | Reasons for change                                        | Changed sections
0.1   | 2013-04-05 | Ken Wright | Cloned on the 7.0.1 version, changing product references. |
Overview
This document outlines how to access Web Reporter web pages without having to go through the standard Power
Monitoring Expert authentication process. This was developed to address the need to access reports in Power
Monitoring Expert from another application without the user having to provide login credentials when using the
link.
This functionality is sometimes called Single Sign On, so you will see the “SSO” acronym in some areas of the
product and documentation.
To use this solution, the third-party application (e.g., StruxureWare Power SCADA Expert) must have the ability to:
• call a stored procedure in the Power Monitoring Expert ION_Network database
• dynamically create a URL based on the information returned by the stored procedure
• display this URL in a browser
Installation and Configuration
Have a secure connection to Power Monitoring Expert SQL Server
When using SQL Server authentication, credentials will be passed on the network to the SQL Server machine.
For this reason it is highly recommended you review the following MSDN article on securing the connection to the
SQL Server machine and consider implementing it.
http://msdn.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
Configure Users in Power Monitoring Expert
When the Web Reporter pages are displayed, the user must be authenticated as a particular Power Monitoring
Expert user. Decide which user(s) in Power Monitoring Expert will be used to display Web Reporter in the browser.
For security reasons, it is suggested you create one or more new users that have access to the required reports.
(For example, you may set up two new users in Power Monitoring Expert: EnergyManager and CostManager, where
each user has access to specific reports.)
1. Create these user(s) in Power Monitoring Expert. This is performed in the User Manager in the Management
Console. Ensure that the users’ Access Levels are appropriate, such as “Observer”.
2. Give these users access to the appropriate reports (using Web Reporter).
Run the Web Reporter Login Bypass Installer
The installer places files into the Power Monitoring Expert folders, adds objects to the ION_Network database,
and tweaks Web Reporter to run in Login Bypass mode. You can uninstall this product and it will remove the
Login Bypass functionality. Note that the Power Monitoring Expert users added in the previous step and the SQL
Server user account added in the next step will not be removed if you uninstall the Login Bypass.
Add SQL Server Login
If Using Windows Authentication
If you are using Windows Authentication to connect to the Power Monitoring Expert database, make sure that the
Windows user has the sso_role in the ION_Network database in Power Monitoring Expert.
If Using SQL Server Authentication
If you are using SQL Server authentication to connect to the Power Monitoring Expert database, you must
manually add a new SQL Server Login and Database User to the SQL Server that hosts Power Monitoring
Expert, and associate it with the sso_role database role. This login will be used when calling the SSO “get token”
stored procedure.
This must be set up manually because each installation’s security requirements will be different. Make sure this
new user is only used for Web Reporter Login Bypass purposes to reduce security concerns. (If the user you
create has access to non-SSO tables and procedures, the spSSO_GetToken stored procedure call will return an
error message, causing SSO not to function.)
As a database administrator in SQL Server Management Studio, add the new login:
Add the new user according to your local security policies, making ION_Network the login’s default database.
Press OK.
Now create a new Database User in the ION_Network database.
Fill in the details, associating this new Database User with the login you created in the previous step. Make sure
the only role this new user has is “sso_role”.
At this point you now have SQL Server credentials that can be used to get the SSO token.
How To Build the Single Sign On URL
The third-party application needs to perform the following steps to build the URL that bypasses standard Power
Monitoring Expert authentication and displays Web Reporter.
To display Web Reporter you need to create a URL with specific parameters on the query string. This URL will
contain a token – which is just a unique string. The URL to Web Reporter for token-based single sign on is of the
form:
http://[servername]/reporter/default.aspx?userToken=[key]
Here is what a URL may look like (with a line-break for readability):
http://reportserver/reporter/default.aspx?
userToken=123E1B95-6B7D-475B-B1C8-BB05CB2D3BD5
The value for key is retrieved by calling a stored procedure in the ION_Network database called
“dbo.spSSO_GetToken”. It takes two parameters: @UserID and @PermissionsCheck.
• The UserID value comes from the ION_Network.dbo.Users table. Select which Power Monitoring Expert
user you want to log in as and copy the values from that table.
• The @PermissionsCheck is either 1 or 0 (true or false), indicating whether to check that the user making
the stored procedure call has access only to Web Reporter Login Bypass functionality. Pass “1” if
using SQL Server authentication when connecting, and “0” if using Windows Authentication.
That procedure returns two values:
• StatusCode: This integer value indicates if the call succeeded. “0” means success. “-1” means the UserID
does not exist. “-2” means the UserID exists, but the account is somehow invalid (such as expired
password, or the account is locked). “-3” means the SQL User that was used to connect to the database
has permissions that are too broad; you need to make sure the SQL user only has permission to the
spSSO_GetToken stored procedure.
• StringToken: If StatusCode is 0, then this is the Token to pass on the querystring.
For security reasons, the token is only valid for 5 minutes after its first use. “First use” means when the Web
Reporter page is displayed, not from the time the spSSO_GetToken stored procedure is called.
Once you are on the Web Reporter page, you will stay logged in until the browser is closed or the page is
refreshed.
Display a specific Report
The procedure outlined above will display the list of all reports the user has access to, allowing the user to select
one. To bypass the report list and go directly to a specific report you need to do the following:
Add an additional parameter to the URL’s querystring when calling up the webpage. Add reportToLoad=nnn
where nnn is the ReportID of the report, as found in the ION_Network..RPT_Report table. For example:
http://standalone/reporter/default.aspx?userToken=key&reportToLoad=22
Note: The reportToLoad key must be cased exactly as “reportToLoad”. Any other capitalization will mean the
report ID is ignored. If no report exists with that ID, then no report will be shown.
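The steps above, from stored procedure result to finished URL, can be sketched on the calling side as follows. This is an added example, not code from Schneider Electric or the installer. It assumes a caller-supplied function (the hypothetical call_get_token) that runs dbo.spSSO_GetToken and returns the StatusCode and StringToken as a pair; the host name pattern and the scheme parameter are also assumptions of this example.

```python
import re
from urllib.parse import urlencode

# StatusCode meanings as documented above for dbo.spSSO_GetToken.
STATUS_ERRORS = {
    -1: "UserID does not exist",
    -2: "UserID exists but the account is invalid (expired password or locked)",
    -3: "SQL user has too many permissions; limit it to spSSO_GetToken",
}
# Conservative host[:port] pattern (an assumption of this example).
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")


class SsoTokenError(Exception):
    """Raised when the stored procedure reports a non-zero StatusCode."""

    def __init__(self, status_code):
        self.status_code = status_code
        super().__init__(STATUS_ERRORS.get(status_code, f"unknown StatusCode {status_code}"))


def build_sso_url(server, status_code, token, report_id=None, scheme="http"):
    """Build the Web Reporter URL from the values returned by the procedure."""
    if status_code != 0:
        raise SsoTokenError(status_code)  # never build a URL from a failed call
    if not _HOST_RE.fullmatch(server):
        raise ValueError("server must be a bare host name, optionally with a port")
    if not isinstance(token, str) or not token.strip():
        raise ValueError("StatusCode was 0 but StringToken is empty")
    params = [("userToken", token)]
    if report_id is not None:
        if isinstance(report_id, bool) or not isinstance(report_id, int) or report_id < 0:
            raise ValueError("report_id must be a ReportID integer")
        # The key must be cased exactly "reportToLoad" or the ID is ignored.
        params.append(("reportToLoad", str(report_id)))
    # urlencode escapes the token so it cannot add or alter query parameters.
    return f"{scheme}://{server}/reporter/default.aspx?{urlencode(params)}"


def get_sso_url(call_get_token, server, user_id, sql_auth, report_id=None):
    """call_get_token(user_id, permissions_check) -> (StatusCode, StringToken)."""
    # @PermissionsCheck: 1 with SQL Server authentication, 0 with Windows Authentication.
    status_code, token = call_get_token(user_id, 1 if sql_auth else 0)
    return build_sso_url(server, status_code, token, report_id)
```

Because the token is only valid for 5 minutes after its first use, request a fresh token for each link rather than storing built URLs.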
Configuring StruxureWare Power SCADA Expert 7.30 to use Web Reporter Login Bypass
See the document titled Setting up Power SCADA Expert 7.30 to use Web Reporter Login Bypass in Power
Monitoring Expert 7.2 for information on how to configure StruxureWare Power SCADA 7.30 to use Web Reporter
Login Bypass.