Workstation Authentication

The Simphony architecture supports both server-side and client-side authentication. Server authentication is accomplished by configuring the HTTPS connection: a TLS 1.2 compliant certificate issued by a Certification Authority is installed on the server. Client-side authentication is required for Simphony operations and cannot be disabled.

Note:

Simphony security does not use the Windows Login on Windows-based workstations.

Before a Simphony workstation can communicate with a Simphony application server, it must be authenticated. Authentication is performed during initial workstation installation by the Client Application Loader (CAL). When CAL starts, it prompts users to enter credentials as part of configuring the workstation. To configure, download, and install software, users must be authorized using the Enterprise Management Console (EMC). To add this privilege, see Assigning Privileges to Allow Installing and Authenticating Workstation Clients.

The username and password entered on the service host are the same as those used to access the EMC. If a user does not have the privilege assigned to their Role, the process fails and the user is prompted to enter a valid username and password again.

When upgrading a workstation (from Simphony release 2.8 or later), the existing authentication continues to work; however, when prompted, the new EMC credentials should be provided.

Credentials are transmitted over an encrypted TLS channel to the application server. After the application server validates the credentials, it issues an authentication token, which is returned to the client over an encrypted channel. The client stores the token in an encrypted format inside its protected storage. All subsequent messages from the client to the server contain a security header that is encrypted with the public half of the key contained within the authentication token. The server stores a private key for each authenticated client in the database and uses it to verify the authenticity of an incoming request.

With the Simphony version 2.9.1 release and later, a kitchen display system (KDS) Display requires an initial authentication. Previously, KDS Displays were not authenticated.