Server-side Authentication for UI Managers
When using the server-side authentication for UI managers the user has to authenticate himself to the User Interface via the HTTP server. Communication between the user interface and the WinCC OA core (Data manager / Event manager) is only possible if the login credentials are verified by the HTTP server and clearance is ensured via a user interface specific token.
Server-side authentication for UI managers provides increased security by preventing access of unauthorized UI clients.
The server-side authentication for UI managers only authenticates the UI manager. For the authentication of all managers, see chapter Server-side Authentication for Managers - Basics.
Session Binding
Session binding reduces the risk of manipulated messages and unauthorized access to a WinCC OA system. The communication security is increased since the access of unauthorized managers is prevented. In Session Binding the WinCC OA user name is part of a certificate. Read in chapter Panel for SSL Certificates of how to create a certificate with a user name.
Session Binding is activated via the server-side authentication for UI managers. When an Access Control Plug-in of ETM is loaded, the Session Binding is automatically active and cannot be deactivated. By default (standard project) the session binding is deactivated. You can activate it irrespective of the Access Control Plug-in by using the config entry serverSideAuthentication=1 in the [general] section.