Proper Configuration of Webalo Historian Connector when to Historian 7.x is configured to use Active Directory

There have been several reports customers who want to use Webalo Historian Ad Hoc Tag Browsing Tool but have had  difficulty setting up Webalo Historian Connector when the target Historian 7.x is configured for Active Directory.  

The symptom is that the user can see connect to historian and see the list of tag names, but is not able to browse and see the time-series tag values.  An message is shown that  states that the result set is [null].

Webalo raised this issue with GE Tech Support team and have received some new information that we want share to provide a way past this issue.  GE explained that there is an incompatibility between the legacy security and the UAA security and while the issue exists in 7.1  there are a couple of workarounds.  Here is the detailed procedure to get around this issue.

A) Generate an AD user with the exact same userid and password as the UAA user and place it in the  local security group called "ih Reader" on the Historian server.  

1. For example generate  "webaloclient" with a selected password  as a UAA user in Historian.

2. Create a new AD domain user using the exact same name and password as the "webaloclient" credential.
3. Add the new domain user to the "ih Readers" security group on the Historian Server.


B) Reconfigure the Webalo Historian connector with the new "webaloclient" credential and set it up for grant_type=password

1. In a Chrome browser, login to the Webalo Administrative Website  and login as either a Domain or Account admin user.

          >https://<your webalo server>/md/agenda

2. Click on "Edit Applications and Data Connections"

3. Click on "Industrial IoT"

4. Click on "Historian Connectors"

5. Select your connector and click "Edit".

6. On the Configure Historian Connection screen, click on the "Configure" button next to Authentication: OAuth2 Password.

7. On the popup OAuth2 Configuration screen, change the Client ID and Client Secret to use "webaloclient" credential.  Also, make sure the Token Server is correct. See the example below: 
- Check the Site URL with base Historian API URL in this example case it is: https://win-historian:8443/historian-rest-api/v1/
- Edit the Oauth2 Parameters to
- Check the Token Server URL in this example the  server is :  https://win-historian:8443/uaa/oauth/token

**IMPORTANT** You must have the Client ID and Client Secret to make the default grant_type=password authentication mechanism work.
- Edit the four credentials exactly as follows:

  • Client ID: "historian_public_rest_api"  (don't use the quotes)
  • Client Secret: "publicapisecret"
  • User Name: "webaloclient"
  • Password:  <Your-Password>

Save this out and deploy.

Now you will be configured to use the default grant_type=password authentication mechanism.

You can test this in the Webalo Client for finding Tags and Tag values as expected

  •  Open an incognito session in your Chrome browser and login to the WebUA.
  •          >https://<your webalo server>/client
  • On the Historian tab, click your Historian connector.  You should see a list of tags.
  • Drag a tag onto the workspace to chart it.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.