Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » 4DIAC - Framework for Distributed Industrial Automation and Control » How to set user token policy in opc ua configuration file(question about opc ua configuration file)
How to set user token policy in opc ua configuration file [message #1848761] Thu, 16 December 2021 08:25 Go to next message
ys guo is currently offline ys guoFriend
Messages: 2
Registered: December 2021
Junior Member
I want to connect to opc ua servers which have some kind of security enabled. I config the security configurations for the endpoints in the configSecurity.forte file, but I didn't find user token policy parameter in the configuration file. If I only want to connect to opc ua server by username and password, there is no need to configure the certificate information. There should be a parameter that can be set to connect to the opc ua server via either anonymous, username and password, or certificate and private key.

Report message to a moderator

Re: How to set user token policy in opc ua configuration file [message #1849095 is a reply to message #1848761] Mon, 03 January 2022 17:22 Go to previous messageGo to next message
Kirill Dorofeev is currently offline Kirill DorofeevFriend
Messages: 70
Registered: February 2016
Member
I am not 100% sure, but as far as I remember, a certificate is still required also for the SIGN policy (username and pass) for creating a secure channel. These initial messages should be signed with the client's certificate. At least in our implementation, this was the reason to have a certificate for the client for the username/pass login, if I recall it correctly. Probably, there are more options that we did not consider in our current implementation.

Report message to a moderator

Re: How to set user token policy in opc ua configuration file [message #1849096 is a reply to message #1849095] Mon, 03 January 2022 17:29 Go to previous messageGo to next message
Kirill Dorofeev is currently offline Kirill DorofeevFriend
Messages: 70
Registered: February 2016
Member
just found what i think is the reason (part 4 opc ua spec):

Quote:
The OpenSecureChannel request and response Messages shall be signed with the sender's Certificate. These Messages shall always be encrypted. If the transport layer does not provide encryption, then these Messages shall be encrypted with the receiver's Certificate. These requirements for OpenSecureChannel only apply if the securityPolicyUri is not None.


This is probably what happens in the open62541 stack (and forte just follows the same requirements)

Report message to a moderator

Re: How to set user token policy in opc ua configuration file [message #1849101 is a reply to message #1849096] Tue, 04 January 2022 07:27 Go to previous message
ys guo is currently offline ys guoFriend
Messages: 2
Registered: December 2021
Junior Member
Thank you very much for your help!

Report message to a moderator

Previous Topic:4diac Modbus Function Blocks
Next Topic:Help- "Map to" option not displayed
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Apr 27 19:29:51 GMT 2024

Powered by FUDForum. Page generated in 0.03208 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly