Connecting failed with error "BadIdentityTokenInvalid"

Unified Architecture topics related to OPC UA Specification, compliant behavior and any technical issues of OPC UA, like Security, Information Model, Companion Specs DI, PLCopen, ADI, ...

Moderator: Support Team

Post Reply
Kiasmo
Jr. Member
Jr. Member
Posts: 1
Joined: 15 Oct 2019, 09:57

Connecting failed with error "BadIdentityTokenInvalid"

Post by Kiasmo »

Hi to everybody.

I'm doing a C++ project implementing the OPCUA protocol and I'm focusing on enstablishing a connection between a server/client.
I show you the log messages that I have on UaExpert:

Connecting failed with error "BadIdentityTokenInvalid"
Error "BadIdentityTokenInvalid" was returned during ActivateSession
Used UserTokenType: UserName
ApplicationUri : "urn:open62541.server.application"
Security policy: "http://opcfoundation.org/UA/SecurityPol ... c256Sha256"
Endpoint: "opc.tcp://localhost:4840"


I'm wondering if the problem is about the server or the user, if it ever happen to someone of you and where I could find help :)
The server seem to have all the UserTokenType enabled but I'm confused about which could be my error.

Thank your in advance for your advices.

Have a good day.

meethemant
Jr. Member
Jr. Member
Posts: 2
Joined: 12 Sep 2021, 02:50

Re: Connecting failed with error "BadIdentityTokenInvalid"

Post by meethemant »

This will come when you are using user name and password based token while connecting to OPC UA server.
Provided user credentials in client must match with OPC UA Server.

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Connecting failed with error "BadIdentityTokenInvalid"

Post by Support Team »

Hello,

have you experienced this error also with other UA Servers, or just with this one (open62541)?

Please check connectivity against Unified Automation Demoservers:
https://www.unified-automation.com/downloads/opc-ua-servers.html

The BadIdentityTokenInvalid may be returned when the serverside provided UserToken does not match with the clientside UserToken requested in ActivateSession. Some servers are "fault tolerant" and accept different token name string (as long as the content is correct), some other servers may adhere strictly to the spec, hence experience incompatibility in the field.
Best regards
Unified Automation Support Team

Post Reply