×

Supercharge your GE solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Learn more about the Proficy 2023 releases, by signing up for one of our upcoming events.

Home
Proficy Authentication
Windows Integrated Authentication / Auto-login
Windows Integrated Authentication is a new capability added to Proficy Authentication Service from version 2.5.
Create Service Principal Name
This topic describes how to create a service principal name.

Products Documentation

Proficy Authentication
- About Proficy Authentication
- Set up Proficy Authentication
  This topic describes how to set up Proficy Authentication in Configuration Hub.
- Application Overview
  Proficy Authentication provides identity-based security for Proficy based applications and APIs.
- Manage Identity Providers
- Manage Groups
- Manage Users
- Windows Integrated Authentication / Auto-login
  Windows Integrated Authentication is a new capability added to Proficy Authentication Service from version 2.5.
  - Configure Security Policy
    This topic describes how to configure security policy setting associated to Kerberos authentication.
  - Create Service Principal Name
    This topic describes how to create a service principal name.
  - Generate Keytab File
    Generate the Kerberos keytab file.
  - Proficy Authentication Service Configuration
    This topic provides steps to update the Proficy Authentication uaa.yml file.
  - Configure Browser
    Configure the browser settings for Kerberos authentication.
  - Troubleshooting Error Logs
    This topic describes Windows Auto-login success/failure scenarios.
- High Availability
- Customize Login Screen
  This topic describes how to customize the Proficy Authentication login screen.

Create Service Principal Name

This topic describes how to create a service principal name.

Before you begin

Create a dummy user account on the Active Directory Server node to represent the Proficy Authentication application in the active directory registry. Make sure to implement these settings for the account:
- It is mandatory user is a member of the domain user group. Refer to Microsoft documentation for more information.
- Set the account password to never expire. To do so, access the domain user account properties dialog: Account > Account options > Password never expires.
Configure Security Policy

Note: Delete existing SPNs, if any. Refer to Useful SPN commands.

About this task

You must be an administrator to perform this task.

Procedure

Log in to your Active Directory machine.
Open the Windows Command Prompt application.

Run the following command replacing with the appropriate code:

setspn -S
                     HTTP/<FQDN>
                  <user account>


Code	Replace With
`<FQDN>`	Fully Qualified Domain Name (FQDN) of the server on which Proficy Authentication service is running. For example, `HTTP/[email protected]` Note: These should be in capital letters: `HTTP` `UAATESTAD.GE.COM` (the domain name that follows @)
`<user account>`	Dedicated dummy user account created for Proficy Authentication service. For example, `ghost1`.

Based on the above examples, your code should look like this:

setspn
                  -S HTTP/[email protected]
               ghost1

Results

The service principal name (SPN) is created.

What to do next

Generate Keytab File