I've implemented a serverCallback class that handles the creation of sessions as well as handles the logging in of users to our server. I'm curious if there is a capability to return a specific error message to the client based on their login information. I already have a system in place to construct the error message based on different login situations (no registered user, invalid password, etc.) i'm just unsure as to how to push this information to the client. Any pointers would be much appreciated.
(1) How to transport error text to client
OPC UA provides a concept called diagnostic information that allows servers to return additional information for every status code returned from the server. The diagnostic information can be set on the UaStatus returned by UaServerApplicationCallback::logonSessionUser(). The information can be set with UaStatus::setDiagnosticInfo().
(2) Security implications
From a security point of view it is not recommended to return specific error information that gives an attacker additional information. To tell the client that the user is known but the password is invalid is a bad idea.
The recommendation is that such information is provided in a server log or in Audit Events.
