The AuthenticationMode property exposes the security mode of the app. The AuthenticationProviders property is used to override the security mode is used, certain OMI apps that rely on web-based controls may use the credentials of the logged-in Windows user rather than those of the logged-in OMI app user. Affected apps include:
- Sharepoint control (WWWebAppControls)
- WebBrowser control (WWWebAppControls)
- Map App
- Insight App
- Microsoft
- Power BI app
The WebControl SDK is the touch point for OMI apps that require web access. For user authentication, the WebControls SDK supports Kerberos authentication when the security mode set in Application Server is OS Group or OS User, and also supports Authentication Provider mode via the AVEVA Identity Manager (AIM).
Existing apps that operate within the domain use Kerberos authentication without any issues. However, apps that require internet access for functionality, including but not limited to the apps listed above, may not function as expected with regard to the logged in user. Instead of using the logged in OMI user, the app may use the credentials of the logged in Windows user (assuming that the two users are different).
In System Platform 2023, the AuthenticationMode enum in WebControl has been changed to a flag to provide the capacity to allow mutliple authentication modes within an app, and a new enum, "AuthenticationProviders" has been added.
You must provide the authentication modes via the flag enum when you build your app.
Sharepoint App on an Intranet
ViewApps configured with the Sharepoint control may allow some users unauthorized access to Sharepoint sites. If the Sharepoint control is configured to load an intranet site, and you are using Authentication Provider mode security, the Sharepoint control will not block the Sharepoint content from an authorized OMI user that does not have explicit permission to access the site.
As long as the app authentication mode and galaxy authentication mode match, the Sharepoint app should load without any issues.