Please consider registering

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —

— Match —

— Forum Options —

Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Prosys Simulation Server BadIdentityTokenRejected
October 27, 2022
10:39, EEST
New Member
Forum Posts: 2
Member Since:
October 27, 2022
sp_UserOfflineSmall Offline

Hi guys, I’m trying to connect to my prosys simulation server with a python opcua client. I already added server’s certificate to a folder in the client, then I trusted the Application Instance Certificate on the server and moreover I added the user’s certificate to .prosysopc/prosys-opc-ua-simulation-server/USERS_PKI/CA/certs. Anyway, I’m still not be able to connect my client to the prosys simulation server and I got the following error:

asyncua.ua.uaerrors._auto.BadIdentityTokenRejected: “The user identity token is valid but the server has rejected it.”(BadIdentityTokenRejected)

Any help ?

October 27, 2022
10:51, EEST
Bjarne Boström
Forum Posts: 986
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline


Most likely what happened:

You tried to connect using the user-cert, and that failed? Then after that you added the user-cert (as .der file, others might not work) to the USERS_PKI/CA/certs?

Assuming yes to above, then then the cert is in 2 places. We would have stored it in the ‘rejected’ folder from the first connect attempt (the same works for the ApplicationInstanceCerts, but we do not yet have UI for user-certs). Then it would be in the ‘certs’ added by you. Thus, the cert is both trusted and rejected, and I decided at some point when we did some of the validation logic that in this case it is safer to assume it is rejected than trusted. Though, this whole concept should be redone as a “new certs” or something instead (and then everything not trusted is rejected i.e. that there would be no “rejected” folder per se). There is lots of historical legacy regarding the design.

Thus, basically all you should need to do, is to delete the user-cert from the rejected folder (or basically instead of copying the user-cert from elsewhere, you could have moved it from the rejected to the certs folder).

It is possible it was something else, but this would be the first thing to check.

October 27, 2022
10:59, EEST
New Member
Forum Posts: 2
Member Since:
October 27, 2022
sp_UserOfflineSmall Offline

Yeah, that was the problem. Now I have moved the user’s certificate from rejected folder to cert folder and I’m able to connect to the server. Thank you!

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
20 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 138

pramanj: 86

rocket science: 81

Francesco Zambon: 81

Ibrahim: 76

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 713

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1476

Posts: 6294

Newest Members:

mariam6210, donblanchard632, HowardLon, delilahhuggard, salvadorcolby69, HelenImpar, MnoioDat, babuinsobaka, Miikka Mikkonen, rickeylipinski

Moderators: Jouni Aro: 1015, Pyry: 1, Petri: 0, Bjarne Boström: 986, Jimmy Ni: 26, Matti Siponen: 328, Lusetti: 0

Administrators: admin: 1