I have been able to connect UaExpert to my server using the following settings:
Security Settings
Security Policy: Basic256Sha256
Message Security Mode: Sign & Encrypt
Authentication Setting
Anonymous
When my ServerConfig.xml has the following lines added:
Code: Select all
<UaEndpoint>
<SecuritySettings>
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicy>
<MessageSecurityMode>Sign</MessageSecurityMode>
<MessageSecurityMode>SignAndEncrypt</MessageSecurityMode>
</SecuritySettings>
<AutomaticallyTrustAllClientCertificates>true</AutomaticallyTrustAllClientCertificates>
</UaEndpoint>
<UserIdentityTokens>
<EnableAnonymous>true</EnableAnonymous>
</UserIdentityTokens>
However, when I try and switch the UaExpert settings to the following:
Security Settings
Security Policy: None
Message Security Mode: None
Authentication Setting
Anonymous
And have the following lines in my ServerConfig.xml:
Code: Select all
<UaEndpoint>
<SecuritySettings>
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicy>
<MessageSecurityMode>None</MessageSecurityMode>
</SecuritySettings>
</UaEndpoint>
<UserIdentityTokens>
<EnableAnonymous>true</EnableAnonymous>
</UserIdentityTokens>
Are there other settings in the configuration file that are causing this failure?Endpoint: 'opc.tcp://my-hostname:48010'
Security policy: 'http://opcfoundation.org/UA/SecurityPolicy#None'
ApplicationUri: 'urn:my-hostname:UnifiedAutomation:UaServerCpp'
Used UserTokenType: Anonymous
Error 'BadSecurityPolicyRejected' was returned during CreateSession
Connection status of server 'UaServerCpp@my-hostname' changed to 'Disconnected'.
The line which looks the most suspicious to me is:
Code: Select all
<UserIdentityTokens>
<!--The security policy to use when encrypting or signing the UserIdentityToken when it is passed to the server.
This security policy is only applied for None Endpoints. For other Endpoints we use the security policy of the Endpoint.-->
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicy>
</UserIdentityTokens>
There is also a large section in the UaEndpoint tag called SecurityCheckOverwrites where you can disable many checks. I have tried setting all these values to true, meaning all checking is basically turned off, and after restarting the server, my results within UaExpert remain the same.
Also, I would like to point out that if I remove the #None from the UaEndpoint SecuritySettings in the ServerConfig.xml and then try and connect UaExpert with the None, None settings, it will produce a pop up saying:
And the debug log produces the following:Unsupported Security Policy
The connection cannot be established, because the server does not support the configured security policy.
Please try another configuration or press 'Ignore' to force trying to connect.
Which is a vastly different message than the one I am getting with the lines in the configuration file. Therefore it seems like it is initially supporting no security, but then something else is getting lost along the way, and I am very confused on what the issue is at this point.ApplicationUri: "
The server does not support the configured security policy 'http://opcfoundation.org/UA/SecurityPolicy#None