Prosys Simulation Server BadIdentityTokenRejected
October 27, 2022
10:39, EEST
fcarli
New Member

Hi guys, I’m trying to connect to my Prosys simulation server with a Python opcua client. I already added the server’s certificate to a folder in the client, then I trusted the Application Instance Certificate on the server and moreover I added the user’s certificate to .prosysopc/prosys-opc-ua-simulation-server/USERS_PKI/CA/certs. Anyway, I’m still not able to connect my client to the Prosys simulation server and I got the following error:

```
asyncua.ua.uaerrors._auto.BadIdentityTokenRejected: "The user identity token is valid but the server has rejected it."(BadIdentityTokenRejected)
```
Any help?

October 27, 2022
10:51, EEST
Bjarne Boström
Moderator

Hi,

Most likely what happened:

You tried to connect using the user-cert, and that failed? Then after that you added the user-cert (as .der file, others might not work) to the USERS_PKI/CA/certs?

Assuming yes to above, then the cert is in 2 places. We would have stored it in the ‘rejected’ folder from the first connect attempt (the same works for the ApplicationInstanceCerts, but we do not yet have UI for user-certs). Then it would be in the ‘certs’ added by you. Thus, the cert is both trusted and rejected, and I decided at some point when we did some of the validation logic that in this case it is safer to assume it is rejected than trusted. Though, this whole concept should be redone as a “new certs” or something instead (and then everything not trusted is rejected i.e. that there would be no “rejected” folder per se). There is lots of historical legacy regarding the design.

Thus, basically all you should need to do, is to delete the user-cert from the rejected folder (or basically instead of copying the user-cert from elsewhere, you could have moved it from the rejected to the certs folder).

It is possible it was something else, but this would be the first thing to check.
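
The check described in the answer above, as an added example that is not part of the original post and is not Prosys code: it lists certificates that sit in both the trusted and the rejected folder of a PKI directory, comparing DER bytes so a `.pem` copy and a `.der` copy of the same certificate still match. The folder name `rejected`, its location next to `certs`, and the file names in `demo()` are assumptions; the "certificate" bytes are constructed placeholders.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def cert_fingerprint(path: Path) -> str:
    """SHA-256 over the DER bytes; PEM input is decoded to DER first."""
    raw = path.read_bytes()
    text = raw.strip()
    if text.startswith(PEM_HEADER):
        raw = ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return hashlib.sha256(raw).hexdigest()


def find_conflicts(pki_dir: Path, trusted="certs", rejected="rejected"):
    """Return (trusted_file, rejected_file) pairs holding the same certificate."""
    def index(folder):
        found = {}
        base = pki_dir / folder
        if base.is_dir():
            for f in sorted(base.iterdir()):
                if f.is_file():
                    found.setdefault(cert_fingerprint(f), []).append(f)
        return found

    t, r = index(trusted), index(rejected)
    return [(a, b) for fp in sorted(t.keys() & r.keys())
            for a in t[fp] for b in r[fp]]


def demo():
    """Constructed layout: one cert trusted as DER and also rejected as PEM."""
    der = b"\x30\x82constructed-placeholder-not-a-real-certificate"
    with tempfile.TemporaryDirectory() as tmp:
        pki = Path(tmp)  # stands in for .../USERS_PKI/CA (assumed layout)
        (pki / "certs").mkdir()
        (pki / "rejected").mkdir()
        (pki / "certs" / "operator.der").write_bytes(der)
        (pki / "certs" / "other.der").write_bytes(b"\x30\x82another-constructed")
        (pki / "rejected" / "operator.pem").write_text(ssl.DER_cert_to_PEM_cert(der))
        return [(a.name, b.name) for a, b in find_conflicts(pki)]


if __name__ == "__main__":
    for trusted_name, rejected_name in demo():
        print(f"{trusted_name} is also present in rejected/ as {rejected_name}")
```

Any pair it reports is a certificate the server would treat as rejected under the rule described above, so the copy in the rejected folder is the one to remove.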

October 27, 2022
10:59, EEST
fcarli
New Member

Yeah, that was the problem. Now I have moved the user’s certificate from rejected folder to cert folder and I’m able to connect to the server. Thank you!
