Configuring Web Login

You can enable web-based authentication to GENESIS by configuring the built-in web login in GENESIS Security. The feature can be used in two ways.

  • GENESIS can connect to a 3rd party OIDC or SAML 2.0 Identity Provider and outsource the authentication to them. Learn more about OIDC . Learn more about SAML.

  • The Security component inside FrameWorX Server can act as an OpenID Connect (OIDC) Identity Provider (IdP) that other clients can connect to and authenticate. Learn more

You can configure web login to combine these two features: a client can connect to the OIDC IdP exposed by our Security to obtain an OIDC token, while the Security redirects the client to an external SAML or OIDC IdP to perform the authentication.

Prerequisite: Before setting up the web login, you need to set the public origin of your web server. Learn more

To configure web login in GENESIS:

  1. <MadCap:snippetText src="../../Resources/Snippets/Open-Workbench.flsnp" xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" /> Security > Global Settings .

  2. On the General tab, ensure that for Security active, the Active button is selected, and clear the checkbox for Allow simultaneous login.

    When using Integrated Windows Authentication to automatically log users in to GENESIS, we also recommend allowing to log off the automatic user. This is an option on the Global Settings. If this option is left disabled, Web Login will not be able to log anybody in through the web if there is already somebody logged in automatically.

  3. In the Automatic Login section, clear the Enabled checkbox. Web login is not possible when a user logs in automatically.

  4. On the Web Login tab, set up the following options, and then click Apply.

    • In the General Settings section, select Enable and In-house applications use web login .

    • (Optional) Select In-house applications use web logout to enable logging out via a web browser in GENESIS desktop applications or WebHMI.

    • In the next section in In-house application Relying Party Redirected URIs , add the desired DNS name to which the identity provider should send users after they successfully sign in, if it is not already listed.

  5. In the Authentication section in Type, select the desired option, and then continue with the settings for the selected authentication type.

    • Built-in: Authenticates internally against either Active Directory or the list of users specified directly in the Security database.

      No other settings are required. Optionally, select the Allow the 'Remember me' option in the web login form checkbox, and then click Apply.

    • Open ID Connect

    • SAML 2.0

    • Entra ID