UaExport does not send password

There are three UA Stacks available from the OPC Foundation. In our products we use the OPC UA ANSI C Stack. The Java SDK uses the Java Stack.

Moderator: Support Team

Post Reply
hare
Jr. Member
Jr. Member
Posts: 2
Joined: 20 Dec 2012, 11:43

UaExport does not send password

Post by hare »

Hello,

I am developing an OPC UA server based on the OPC UA Java stack from the OPC Foundation. For testing i am using UaExpert. My problem is that UaExpert does not send the provided password to my server when using username+password authentication.

My server uses SecurityPolicy.None for it's endpoint because we are assuming a secure connection between client and server. As UserTokenPolicy I am using UserTokenPolicy.SECURE_USERNAME_PASSWORD (URI: http://opcfoundation.org/UA/SecurityPol ... ic128Rsa15) so that the client has to send username and password for authentication.

On UaExpert the server properties are as follows:
Security Policy: none
Message Security Mode: none
Authentication Settings: Username and Password are entered

In the activateSession UaExpert properly sends a UserNameIdentityToken? with the correct username set. But Password, EncryptionAlgorithm and PolicyId are allways NULL! Do you have any idea what could lead to such a behaviour??

The weird thing is: i also downloaded your Java SDK for evaluation. It includes a SampleConsoleClient which properly sends username and password to my server with the specified encryptionAlgorithm and policyId set. Hence i was able to decrypt the password.

I also tried connecting UaExpert with the SampleConsoleServer (also provided in your SDK) using the same configuration and succeeded. I tried this because i thought maybe it is not possible using SecurityPolicy.None and username+password authentication because it is not secure. But UaExpert sends username+password to SampleConsoleServer as expected.

In the bottom line i just want to use no encryption and signing (SecurityPolicy.None) but the client should authenticate with username and password. I hope you can help me.

Best regards,
Harald

User avatar
Support Team
Hero Member
Hero Member
Posts: 2519
Joined: 18 Mar 2011, 15:09

Re:UaExport does not send password

Post by Support Team »

Hello,

depending on the configured security policies of the endpoint and the UserIdentityToken, UaExpert uses the according algorithm to encrypt the password.

If the 'None' security policy is set for endpoint and UserIdentityToken, the password is not encrypted at all.

If a security policy other than 'None' is set for the UserIdentityToken (like in your server), the connection is not encrypted, but the password will be encrypted using the server's certificate. If the server does not provide a certificate, UaExpert cannot encrypt the password and will send an empty password and EncryptionAlorithm in the token.

Please configure your server to provide a certificate for the client to encrypt the password correctly. Or you can set the token's SecurityPolicyUri to 'None', then the password will be sent unencrypted.

Best regards,
Unified Automation Support Team
Best regards
Unified Automation Support Team

Post Reply