Regarding User identity token

Questions regarding the use of the UaExpert.

Moderator: uaexpert

Locked
induna23
Hero Member
Hero Member
Posts: 23
Joined: 02 Sep 2011, 06:15

Regarding User identity token

Post by induna23 »

Hi,

I would like to know which user identity token is used by UAExpert client to connect to OPC UA CPP server.
I am able to connect to OPC UA CPP Server using UAExpert only.
If I try to connect using some other .NET client as Anonymous, it says BadUserAccessDenied .
How does UAExpert handle this ? Is there no security feature checkings in UAExpert ?

Thanks & Regards,
Indu

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re:Regarding User identity token

Post by Support Team »

Hi Indu,

the UaExpert uses the IdentityToken selected by 'Authentication Settings' in the 'Add Server'/'Configure Server' dialog.

Using the Endpoint information retrieved in CreateSession, the PolicyId of the Token is set. For UserName- and Certificate-Tokens the SecurityPolicyUri is also set to the value provided by the server.

You could use the UA ComplianceTest tool of the OPC Foundation in Analyzer-Mode to have a look at the differences between the clients you are using.

Best regards
Support Team
Best regards
Unified Automation Support Team

induna23
Hero Member
Hero Member
Posts: 23
Joined: 02 Sep 2011, 06:15

Re:Regarding User identity token

Post by induna23 »

Hi,

With UAExpert, I am able to connect to the Server only in the following 2 modes :

Mode 1 :

Authentication Setting : "Anonymous"
Security settings : "None" and "None".

Mode 2 :

Authentication Setting : "UserName"
Security settings : "None" and "None".

With the below settings, my server does not get a create session call from UAExpert :

Authentication Setting : "Anonymous"
Security settings : "Basic128Rsa15" and "Sign".

What could be the reason ?

Thanks & Regards,
Indu

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re:Regarding User identity token

Post by Support Team »

Hi Indu,

have you accepted the client certificate on the server side?

To achieve this, go to the PKI folder of the server (e.g.
C:Documents and SettingsAll UsersApplication DataUnifiedAutomationUaDemoServerPKICA )
and copy the client certificate from the rejected folder to the certs folder.
Restart the server.

Best regards
Support Team
Best regards
Unified Automation Support Team

induna23
Hero Member
Hero Member
Posts: 23
Joined: 02 Sep 2011, 06:15

Re:Regarding User identity token

Post by induna23 »

Hi,

I am using OPC Foundation AnsiC stack as my server.
So in the path :
C:Documents and SettingsAll UsersApplication DataOPC FoundationRejectedCertificates

I couldn't find any rejected certificates.

Also why is the "Certificate currently not supported " seen in the Authentication Settings in UAExpert properties ?
Also , I was not able to find a UAExpert client certificate in the UAExpert installation folders.

Please help .


Thanks & Regards,
Indu

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re:Regarding User identity token

Post by Support Team »

Hello Indu,

if you have used the ANSI C Stack of the OPCF to build your server on top of it, you certainly have to care by yourself for the certificate management.
This is one of the reasons, why developers use our OPC UA SDKs. Many infrastructure implementations, they would have to do on their own, are already managed by our SDKs.

The certificate of the UaExpert can be found in the folder:
C:Documents and Settings***your username***Application DataunifiedautomationuaexpertPKICAcerts

Best regards
Support Team
Best regards
Unified Automation Support Team

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re:Regarding User identity token

Post by Support Team »

This topic is solved and has been locked by the administrator.

For new issues, please create a new topic.
Best regards
Unified Automation Support Team

Locked