Hi
Having C++ SDK OPC UA Demo Server 1.5.6 bld 361.
If I configure an endpoint E with
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPol ... rityPolicy>
<MessageSecurityMode>None</MessageSecurityMode>
AND
the UserIdentityTokens SecurityPolicy also with None
then on calling getEndpoints the server seems to omit the USERNAME token in the endpoint description, regardless of whether EnableUserPw is set to true.
Subsequently, no client is able to activate a session over this endpoint. Every connection/session act attempt results in a BadConfiguration.
The same goes for the X509 token.
I understand that applying this type of configuration is a high security risk.
It would only be for testing purposes. The UA standard does not forbid this type of configuration (see OPCUA Standard, ver 1.04, chapter 7.36.4), but of course heavily discourages it.
Question 1: Is the omission of tokens USERNAME (and X509) done deliberately by the UA CPP server or is this a bug?
Question 2: Interestingly, connection to another purely secure endpoint on the same server seems not to be possible anymore, too, e.g. UAExpert logs a BadConfigurationError.
AFAIK, if an endpoint defines its own security policy and message security, the server shall use it. The security policy in the UserIdentityTokens entry shall only be applied if the endpoint has SecurityPolicy NONE.
Bug?
Thx for clarification
Bernhard
ServerConfig: UserIdentityToken USERNAME not provided
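An added example, not part of the original post and not Unified Automation's code: a Python check that flags endpoints on which a user name/password token would travel unprotected, following the rule as the post states it (the UserIdentityTokens policy only matters when the endpoint policy is None). The wrapper elements `ServerConfig`, `Endpoint` and `Name` and the sample XML are constructed assumptions, not the SDK's real schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample. SecurityPolicy, MessageSecurityMode, UserIdentityTokens and
# EnableUserPw come from the post; ServerConfig, Endpoint and Name are assumed.
SAMPLE_CONFIG = """
<ServerConfig>
  <UserIdentityTokens>
    <EnableUserPw>true</EnableUserPw>
    <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicy>
  </UserIdentityTokens>
  <Endpoint>
    <Name>E</Name>
    <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicy>
    <MessageSecurityMode>None</MessageSecurityMode>
  </Endpoint>
  <Endpoint>
    <Name>Secure</Name>
    <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicy>
    <MessageSecurityMode>SignAndEncrypt</MessageSecurityMode>
  </Endpoint>
</ServerConfig>
"""

def is_none(uri):
    # A missing or empty policy is treated as None so that gaps are reported.
    return uri.strip() == "" or uri.strip().endswith("#None")

def audit(xml_text):
    """Return (endpoint name, finding) tuples for risky endpoint settings."""
    root = ET.fromstring(xml_text)
    tokens = root.find("UserIdentityTokens")
    if tokens is None:
        tokens = ET.Element("UserIdentityTokens")
    user_pw = tokens.findtext("EnableUserPw", "false").strip().lower() == "true"
    token_policy = tokens.findtext("SecurityPolicy", "")
    findings = []
    for ep in root.iter("Endpoint"):
        name = ep.findtext("Name", "?")
        policy = ep.findtext("SecurityPolicy", "")
        mode = ep.findtext("MessageSecurityMode", "").strip()
        # Policy None must pair with mode None, and only with it.
        if is_none(policy) != (mode == "None"):
            findings.append((name, "policy/mode mismatch"))
        # Neither the channel nor the token policy protects the password.
        if is_none(policy) and user_pw and is_none(token_policy):
            findings.append((name, "cleartext-password"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```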