Verification of UserTokenSignature failed

Questions regarding the use of the C++ SDK for Server or Client development or integration into customer products ...

Moderator: uasdkcpp

Post Reply
NicolasSopraSteria
Jr. Member
Jr. Member
Posts: 1
Joined: 23 Oct 2019, 14:59

Verification of UserTokenSignature failed

Post by NicolasSopraSteria »

Hi,

I am trying to connect a client to my Unified Automation server with the following caracteristcs :
[*] Tocken type : EnumUserTokenType_Certificate
[*] Security Mode : EnumMessageSecurityMode_SignAndEncrypt
[*] Security policy : SecurityPolicyUri_Basic256Sha256
[*] Policy Id : X509
[*] User Security Policy : SecurityPolicyUri_Basic256Sha256

My Unified Automation server is working well with UA Expert client therefore, when I try to connect my own client, I get the following error : BadIdentityTokenRejected.

I am sure my couple certificate / private key is valid because it is working with UA Expert, the error in my Unified Automation Server shows up before the certificate's validation, when the server is trying to read the certificate data. I get the following logs during session's activation:

13:44:58.915Z|4|41266700* ==> UaServer::ActivateSession [Request=9]
13:44:58.915Z|4|41266700* CALL OpcUa_Endpoint_GetMessageSecureChannelId
13:44:58.915Z|4|41266700* DONE OpcUa_Endpoint_GetMessageSecureChannelId [Result=0x0]
13:44:58.915Z|4|41266700* CALL OpcUa_Endpoint_GetMessageSecureChannelSecurityPolicy
13:44:58.915Z|4|41266700* [uastack] OpcUa_SecureListener_ChannelManager_GetChannelBySecureChannelID: Searched SecureChannel 0x7f4630014630 with id 232499350 refs 2!
13:44:58.915Z|4|41266700* [uastack] OpcUa_SecureListener_ChannelManager_ReleaseChannel: Searched SecureChannel 0x7f4630014630 with id 232499350 refs 1!
13:44:58.915Z|4|41266700* DONE OpcUa_Endpoint_GetMessageSecureChannelSecurityPolicy [Result=0x0]
13:44:58.915Z|4|41266700* CALL OpcUa_CryptoProvider_Create
13:44:58.915Z|4|41266700* DONE OpcUa_CryptoProvider_Create [Result=0x0]
13:44:58.915Z|6|41266700* --> UaSession::startingServiceProcessing [ID=231812731]
13:44:58.915Z|6|41266700* <-- UaSession::startingServiceProcessing - activeServiceCount = 1
13:44:58.915Z|6|41266700* ActivateSession passed X509IdentityToken
13:44:58.915Z|4|41266700* CALL OpcUa_CryptoProvider_Create for User
13:44:58.915Z|4|41266700* DONE OpcUa_CryptoProvider_Create for User [Result=0x0]
13:44:58.915Z|4|41266700* CALL cryptoProvider.GetPublicKeyFromCert
13:44:58.915Z|4|41266700* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:44:58.915Z|4|41266700* CALL cryptoProvider.GetPublicKeyFromCert
13:44:58.915Z|4|41266700* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:44:58.915Z|4|41266700* CALL cryptoProvider.AsymmetricVerify
13:44:58.916Z|4|41266700* DONE cryptoProvider.AsymmetricVerify [Result=0x0]
13:44:58.916Z|4|41266700* Verification of UserTokenSignature failed
13:44:58.916Z|3|41266700* Session/ActivateSession - SessionId: {f6fd3386-fa5e-4e66-b02d-592a811dc840}
13:44:58.916Z|3|41266700* Session/ActivateSession - ClientUserId:
13:44:58.916Z|3|41266700* Session/ActivateSession - UserTokenCertificate: Certificate Data: 3082057D30820365A0030201020208012B7E3F4F...


I am really struggling to understand this error, in fact I don't know what kind of bug can trigger it.

Thank you very much for your time, please let me know if you need any further details about this issue.

Nicolas

User avatar
Support Team
Hero Member
Hero Member
Posts: 2532
Joined: 18 Mar 2011, 15:09

Re: Verification of UserTokenSignature failed

Post by Support Team »

Hello,

To connect with the certificate to the Server, you need to trust the user certificate as well.

Please, check for the user certificate at \bin\pkiuser\rejected
move it to the trust list \bin\pkiuser\trusted\certs

Find the more information about User Authentication here http://documentation.unified-automation.com/uasdkcpp/1.7.2/html/L2UaDiscoveryConnect.html
Best regards
Unified Automation Support Team

Post Reply