Accessing PiWebApi from Azure Kubernetes

Hi larsoleruben​,

You may be interested in upgrading to PI Web API 2023 to take advantage of Bearer auth. MS Entra ID or Azure Active Directory is OpenID Connect based and should be compatible with the new PI Server 2023 authentication scheme.

That's assuming the customer can wait 6 months for the contract to be negotiated with AVEVA.

Outside of 2023, your options are to use Kerberos or Basic, if you're running the latest non-2023 version, 2021 SP3. Now, if you go back to 2019 SP1, you can use the Bearer Authentication method. However, this does require using the deprecated C2WTS and requires an IDP to verify the JWT. Your options depend on your timeline and security requirements - although I'd always recommend using the most secure (which in this case would be 2023 with AVEVA AIM).

That being said, hopefully AVEVA does something to allow users without AVEVA AIM to user Bearer Authentication. It's a standard authentication method and should be supported regardless of which contract a customer has.

That's assuming the customer can wait 6 months for the contract to be negotiated with AVEVA.

Outside of 2023, your options are to use Kerberos or Basic, if you're running the latest non-2023 version, 2021 SP3. Now, if you go back to 2019 SP1, you can use the Bearer Authentication method. However, this does require using the deprecated C2WTS and requires an IDP to verify the JWT. Your options depend on your timeline and security requirements - although I'd always recommend using the most secure (which in this case would be 2023 with AVEVA AIM).

That being said, hopefully AVEVA does something to allow users without AVEVA AIM to user Bearer Authentication. It's a standard authentication method and should be supported regardless of which contract a customer has.