Ignition 8.1.24: IdP Authentication Improvements, OPC UA Sampling Options, Vision Client Update Control

Ignition 8.1.24

 

New year, new features! The release train’s resolution is to add even more functionality and features to Ignition than it did last year. Based on what Ignition 8.1.24 is delivering, it’s on the right track.

Ignition 8.1.24 brings that new-year cheer with IdP improvements to keep up with modern security standards, OPC UA polling customization, better control for Vision Client updates, and a lot more.

 

IdPs Are Not Token for Granted

Keeping up with cybersecurity can be stressful, so Ignition 8.1.24 delivers a few IdP improvements to keep you calm, cool, and authenticated.

Auth Tokens

Let’s start with a solution to a pain point that has frustrated many an integrator. Before 8.1.24, when a session temporarily lost communication to the gateway, all IdP-authenticated Designer and Vision Client instances would need to be restarted so that users could log back in.

8.1.24 fixes this problem with auth tokens. Now, logging into the IdP generates a special auth token with the session on the gateway. This token is then saved in the Designer or Vision Client instance memory after successful IdP authentication. In the case of an interrupted connection, Designer or Vision Client instances can pass the valid auth token to the gateway and securely reconnect.

 

Auth Token

 

The lifecycle of an auth token can be controlled in two ways.

The first option is Designer Auth Token Inactivity Timeout, which defines the number of minutes that must elapse during disconnection before the auth token expires. Inactivity Timeout must be greater than zero, with the default set to 10 minutes.

The second option is Designer Auth Token Time-To-Live (TTL). This setting defines the maximum number of minutes the auth token exists regardless of connectivity. If TTL is set to any number less than or equal to zero, the auth token does not expire except from inactivity. The TTL default is set to 0 minutes, meaning it does not expire.

OAuth2 SMTP

Security is a constantly evolving beast and taming it requires modern standards and techniques. These days, something as tried and true as the username/password combo is often not secure enough. Some servers no longer support Classic SMTP with only username and password authentication.

With that in mind, 8.1.24 refactors “SMTP Profiles” into “Email Profiles.” The Email Profiles give the option of choosing either Classic SMTP, which supports basic authentication, or OAuth2 SMTP, which, true to its name, supports OAuth 2.0.

 

Email Profiles

 

8.1.24 also adds OAuth2 Clients, which can be managed in the gateway config page. OAuth2 Clients use auth tokens, similar to the Designer and Vision Clients mentioned above, to securely request SMTP to send email events.

 

OAuth2 Clients

 

Username Prefix & Suffix

A customer-requested feature adds a new checkbox option in the LDAP Search Properties for toggling username prefix and suffix to all three Active Directory user source profiles. If marked as true, this setting applies prefix and suffix to the gateway username before a bind is attempted. Naturally, this option defaults to true on upgrade to match the behavior before the upgrade. It’s also worth mentioning that 8.1.24 removes the strict validation for gateway username setting so that =, ,, and other characters are now allowed.

 

Prefix and Suffix

 

OPC All Your Options

Ignition puts a premium on configurability, not just within the platform itself, but also with how it interacts with outside hardware and protocols. To better adapt to systems subscribing to BACnet or DNP3-supported devices, Ignition 8.1.24 has a new Tag Group OPC UA extension property that allows the Sampling Interval to be requested independently of the Tag Group Rate.

If the Sample Interval is set to 0, instead of Tag Group polling, event-based or report-by-exception changes will come directly from the device. For certain devices or system architectures, this method reduces unnecessary sampling to save additional overhead.

 

OPC UA Event-Based Changes

 

Visionary Update Control

Even though Ignition has a ton of features focused on automating certain actions, we still understand the importance of being able to choose when to accomplish a task manually. This is especially critical when the task in question is pushing out changes to an entire system.

For that reason, Ignition 8.1.24 adds the new “None” Update Mode for Vision. This new mode allows the project developer to manually deliver updates to running clients using a new Boolean Vision Client system tag, ProjectUpdateAvailable, and a companion scripting function, system.vision.updateProject(). The scripting function is what actually performs the project update on the Vision Client. With it, the developer now has increased control and flexibility when disseminating project updates.

8.1.24 also adds two ignition.conf properties to Vision — vision.fetch-concurrency and vision.fetch-timeout — to improve Vision Client launches on busy systems and increase timeout length.

 

Descriptive Perspective Linguistic Prescription

To point out the obvious, the more descriptive a label is, the more useful it is. That’s why Ignition 8.1.24 upgrades three Perspective components around the central theme of more detailed labeling.

Cylindrical Tank

First up is the Cylindrical Tank component, which now has new format and unit display properties. The format property gives the option to display a value as an integer, percent, or currency, the latter option finally delivering a method for putting the whole “time = money” philosophy into practice.

The unit property can then append a chosen string to the front or back for further customization. For example, if you had a thousand-gallon tank, you could choose “integer” for your format, then enable the unit property and simply enter “/ 1000” to display an exact volume for the tank.

 

Cylindrical Tank

 

Power Chart

The Power Chart component now has an additional config option, penNamePathDepth, that can display an expanded tag path. When this option is set to 1, only the tag name will appear. However, the higher the number is set, the further back the tag path will display, all the way to the gateway. For example, setting penNamePathDepth to 3 would appear as grandParentFolder/parentFolder/name. This option is a great method for visualizing an individual tag path that is both precise and immediate.

 

penNamePathDepth

 

Menu Tree

The Menu Tree component’s "backActionText" root now acts as the default back button for all levels of menu items. Individual sub menus can then override this text with their own "backActionText" configuration property. As exemplified in the GIF below, this update provides more clarity when backtracking through heavily nested menus.

 

backActionText

 

Delicious Quality-of-Life Designer Improvements

Ignition 8.1.24 drops quality-of-life improvements like hot potatoes. And much like french fries, they might not be the main course but they certainly round out the meal.

8.1.24 now automatically commits any changes made in the Named Query Authoring tab when you switch to another tab. This change provides a quicker, more user-friendly experience when testing out queries. All you need to do is edit your parameter and switch tabs. No more forgetting to press Enter, and no more double-checking.

 

Auto Commit

 

A double portion of delicious side dishes comes from the Designer edit menu, which gets some expanded functionality and can now be used against Output Console messages as well as Vision Property Editor fields. Previously, tediously, frustratingly, these tasks were not possible. Now, simply highlight the desired value or input, click Edit from the top menu, select Copy, and paste into a new window.

 

Copy to Output Console

 

Copy to Vision Property Editor

 

Honorable Mentions

Wait! There’s one more thing. Actually, make that two.

Alarms

  • The descriptive text for the Service Security property “Accessible Pipeline Filter” has been updated to reflect its actual functionality.

TCP & UDP

  • Added a “Write Timeout” setting to the TCP Driver for increased timeout configurability when committing writes to the device.

 

See You in February

Learn more about these updates and other improvements in the 8.1.24 release notes and the Ignition user manual. As always, we value your feedback about what new features and functionality you’d like to see in upcoming releases. Ignition 8.1.25 will pull into the station around Valentine’s Day with new updates and a freight car full of long-stemmed roses.


AUTHOR
Aaron Block
Marketing Content Writer / Inductive Automation
Aaron joined Inductive Automation at the beginning of 2021. With his background in Cellular Molecular Biology and Chemistry, he brings a unique perspective to the automation industry. When he's not writing, you can find him rock climbing or walking on the beach.
Table of contents