Quick start

To start, create or open a TwinCAT HMI project.

Installation

Install the NuGet package "Beckhoff.TwinCAT.HMI.OAuth" via the NuGet Package Manager.

Installation of a required user management server

Install a user management server required by OAuth.

Configuring the TwinCAT HMI server (example with Keycloak)

1. Open the configuration page of the server in the HMI project.
2. Go to the Security subtab.
3. Open the following URL in a web browser to have the most important information from Keycloak at a glance:
http://<root>/realms/{realm-name}/.well-known/openid-configuration
Examples for the placeholders:
<root> = 192.168.2.144:8080
{realm-name} = master
4. Set the connection to the user management server here.
Use by default for OAuth 2.0 authorization: false.
Authentication extension domain: TcHmiOAuth.
OAuth 2.0 authorization endpoint (v2): Value of "authorization_endpoint".
OAuth 2.0 Token Endpoint (v2): Value of "token_endpoint".
JSON Web Key Set-Endpoint (v2): Value of "jwks_uri".
Application or client ID: Enter the client ID you have defined.
Client secret key: Enter the "Client Secret" of your client (Clients/<clientName>/Credentials)
Response type: Code
Area of application: microprofile-jwt basic roles
The connection to a user management server via OAuth has been successfully established.
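
The following added example (not Beckhoff code) maps the discovery document from step 3 to the settings in step 4 and lists points to resolve before entering the values. The sample document is constructed from the page's placeholder values, the function names are hypothetical, and the TLS and host checks are added hardening checks that the page does not require.

```python
from urllib.parse import urlsplit

# Constructed sample of a Keycloak discovery document (trimmed), built from the
# page's placeholder values <root> = 192.168.2.144:8080, {realm-name} = master.
BASE = "http://192.168.2.144:8080/realms/master"
SAMPLE = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "none", "id_token", "token"],
    "scopes_supported": ["openid", "roles", "basic", "microprofile-jwt", "email"],
}

# HMI server setting (as named in step 4) -> key in the discovery document
FIELD_MAP = {
    "OAuth 2.0 authorization endpoint (v2)": "authorization_endpoint",
    "OAuth 2.0 Token Endpoint (v2)": "token_endpoint",
    "JSON Web Key Set-Endpoint (v2)": "jwks_uri",
}
REQUIRED_SCOPES = ("microprofile-jwt", "basic", "roles")  # scopes listed in step 4

def hmi_settings(doc):
    """Return the values to enter in step 4; raises KeyError if one is missing."""
    return {setting: doc[key] for setting, key in FIELD_MAP.items()}

def review(doc, root, realm):
    """Return a list of findings to resolve before entering the values."""
    findings = []
    expected = f"{root}/realms/{realm}"
    issuer = urlsplit(doc.get("issuer", ""))
    if issuer.netloc + issuer.path != expected:
        findings.append(f"issuer does not match {expected!r}")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("response type 'code' is not offered")
    for scope in REQUIRED_SCOPES:
        if scope not in doc.get("scopes_supported", []):
            findings.append(f"scope {scope!r} is not offered")
    for key in FIELD_MAP.values():
        url = urlsplit(doc.get(key, ""))
        if url.netloc != root:  # e.g. a misconfigured Keycloak frontend URL
            findings.append(f"{key} points at another host: {url.netloc!r}")
        if url.scheme != "https":  # client secret and tokens cross this link
            findings.append(f"{key} is not served over TLS ({url.scheme or 'no scheme'})")
    return findings

if __name__ == "__main__":
    print(hmi_settings(SAMPLE), review(SAMPLE, "192.168.2.144:8080", "master"), sep="\n")
```

With the constructed sample, the three endpoints are reported as not served over TLS because the placeholder URL uses http.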

Configuring the OAuth extension

1. Open the OAuth configuration page in the HMI project.
2. Under Default groups, specify which user groups are assigned to the OAuth users by default.
3. Under Group assignment, specify which user groups should be assigned to the OAuth users under certain conditions.
You have successfully established a connection between the TwinCAT HMI server and a user management server.