UaExport does not send password
Posted: 20 Dec 2012, 15:03
Hello,
I am developing an OPC UA server based on the OPC UA Java stack from the OPC Foundation. For testing i am using UaExpert. My problem is that UaExpert does not send the provided password to my server when using username+password authentication.
My server uses SecurityPolicy.None for it's endpoint because we are assuming a secure connection between client and server. As UserTokenPolicy I am using UserTokenPolicy.SECURE_USERNAME_PASSWORD (URI: http://opcfoundation.org/UA/SecurityPol ... ic128Rsa15) so that the client has to send username and password for authentication.
On UaExpert the server properties are as follows:
Security Policy: none
Message Security Mode: none
Authentication Settings: Username and Password are entered
In the activateSession UaExpert properly sends a UserNameIdentityToken? with the correct username set. But Password, EncryptionAlgorithm and PolicyId are allways NULL! Do you have any idea what could lead to such a behaviour??
The weird thing is: i also downloaded your Java SDK for evaluation. It includes a SampleConsoleClient which properly sends username and password to my server with the specified encryptionAlgorithm and policyId set. Hence i was able to decrypt the password.
I also tried connecting UaExpert with the SampleConsoleServer (also provided in your SDK) using the same configuration and succeeded. I tried this because i thought maybe it is not possible using SecurityPolicy.None and username+password authentication because it is not secure. But UaExpert sends username+password to SampleConsoleServer as expected.
In the bottom line i just want to use no encryption and signing (SecurityPolicy.None) but the client should authenticate with username and password. I hope you can help me.
Best regards,
Harald
I am developing an OPC UA server based on the OPC UA Java stack from the OPC Foundation. For testing i am using UaExpert. My problem is that UaExpert does not send the provided password to my server when using username+password authentication.
My server uses SecurityPolicy.None for it's endpoint because we are assuming a secure connection between client and server. As UserTokenPolicy I am using UserTokenPolicy.SECURE_USERNAME_PASSWORD (URI: http://opcfoundation.org/UA/SecurityPol ... ic128Rsa15) so that the client has to send username and password for authentication.
On UaExpert the server properties are as follows:
Security Policy: none
Message Security Mode: none
Authentication Settings: Username and Password are entered
In the activateSession UaExpert properly sends a UserNameIdentityToken? with the correct username set. But Password, EncryptionAlgorithm and PolicyId are allways NULL! Do you have any idea what could lead to such a behaviour??
The weird thing is: i also downloaded your Java SDK for evaluation. It includes a SampleConsoleClient which properly sends username and password to my server with the specified encryptionAlgorithm and policyId set. Hence i was able to decrypt the password.
I also tried connecting UaExpert with the SampleConsoleServer (also provided in your SDK) using the same configuration and succeeded. I tried this because i thought maybe it is not possible using SecurityPolicy.None and username+password authentication because it is not secure. But UaExpert sends username+password to SampleConsoleServer as expected.
In the bottom line i just want to use no encryption and signing (SecurityPolicy.None) but the client should authenticate with username and password. I hope you can help me.
Best regards,
Harald