Log In
Register
Topic RSS
13:48, EEST
March 16, 2017
Offline
Hi,
I’m trying to connect to the Milo Demo Server (opc.tcp://milo.digitalpetri.com:62541/milo) using security mode NONE and user/password
The ProsysBrowser gives me following error:
Bad_CertificateInvalid (code=0x80120000, description=”The Server Certificate was null. To enable activating a Session with Username/Password, the Server must provide a Server Certificate that is used for encrypting the password.”)
When trying the same with e.g. UaExport it works – so somehow it seems that UaExport can connect using user/password and securityMode NONE without having the ServerCertificate, but Proys Browser cannot.
The reason seems to be that Milo does not send the ServerCertificate on CreateSessionResponse
CreateSessionResponse
ResponseHeader: ResponseHeader
SessionId: NodeId
AuthenticationToken: NodeId
RevisedSessionTimeout: 30000
ServerNonce: 3b9a4a200506b3931638903d91e10b161d65861795d02d28499a9b6628b09a1f
ServerCertificate: [OpcUa Null ByteString]
ServerEndpoints: Array of EndpointDescription
ArraySize: 7
[0]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: None (0x00000001)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 32
[1]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: Sign (0x00000002)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 68
[2]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: SignAndEncrypt (0x00000003)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 132
[3]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: Sign (0x00000002)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 72
[4]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: SignAndEncrypt (0x00000003)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 136
[5]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: Sign (0x00000002)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 72
[6]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: SignAndEncrypt (0x00000003)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
UserIdentityTokens: Array of UserTokenPolicy
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 136
ServerSoftwareCertificates: Array of SignedSoftwareCertificate
ServerSignature: SignatureData
MaxRequestMessageSize: 2097152
Is there any possibility to connect using Prosys SDK to the Milo Demo Server (in such a case that there is no Server Certiicate) – or might this a bug on side of the Milo-Server-SDK ?
14:04, EEST
March 16, 2017
Offline
I found the solution.
Milo SDK has not included the ServerCertificate in the CreateSessionRespons – see https://github.com/eclipse-mil…..ssues/1693
The Milo Online Demo Server seemed to use a SDK Version < 1.1.1 – when trying locally with the Milo Demo Server and SDK 1.1.2 it worked, and the CreateSessionResponse included also the Server Certificate.
But one question anyway – is there a way to connect to a server using security mode NONE when the server does not provide a Server Certificate using user/password?
14:31, EEST
April 3, 2012
Offline
Hi,
Could you please also show the ‘UserIdentityTokens: Array of UserTokenPolicy’ as expanded. It is technically possible to define one that doesn’t need the certificate. However, in general I wouldn’t recommend that as then the password would be transmitted in plaintxt so anyone being able to observe the network also then knows it. The certificates would typically be used even with NONE for the purposes of encrypting user passwords. However, the error you did see would indicate something else than null/NONE was configured for the user token policy, so not 100% sure what happens here.
14:56, EEST
April 3, 2012
Offline
I wrote the previous without noticing the new post.
Thanks. Based on the links you gave would indicate that we sort of have a bug. Though, it will result in the inverse of the problem mentioned in the first post of this topic. In short if CreateSessionResponse EndpointDescriptions do NOT contain a Certificate, then other than Anonymous user wont work, in most cases at least. This is because internally the client side Session will start to use the EndpointDescription from the CreateSessionResponse.
It should be noted that specification-wise it is ok to null certain fields, including the certificate. https://reference.opcfoundatio…..docs/5.7.2, ” It is recommended that Servers only include the server.applicationUri, endpointUrl, securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters set to null or empty. ” as the other info is already obtained in GetEndpoints phase. Though our implementation uses the same logic for both GetEndpoints and CreateSessionResponse so it does not null them out.
15:00, EEST
March 16, 2017
Offline
sure, here is the complete CreateSessionResponse:
OpcUa Binary Protocol
Message Type: MSG
Chunk Type: F
Message Size: 3670
SecureChannelId: 1754025483
Security Token Id: 50795
Sequence Number: 2
RequestId: 2
Message: Encodeable Object
TypeId: ExpandedNodeId
NodeId EncodingMask: Four byte encoded Numeric (0x01)
NodeId Namespace Index: 0
NodeId Identifier Numeric: CreateSessionResponse (464)
CreateSessionResponse
ResponseHeader: ResponseHeader
Timestamp: Apr 13, 2026 13:58:39.653954400 Mitteleuropäische Sommerzeit
RequestHandle: 0
ServiceResult: 0x00000000 [Good]
ServiceDiagnostics: DiagnosticInfo
EncodingMask: 0x00
…. …0 = has symbolic id: False
…. ..0. = has namespace: False
…. .0.. = has localizedtext: False
…. 0… = has locale: False
…0 …. = has additional info: False
..0. …. = has inner statuscode: False
.0.. …. = has inner diagnostic info: False
StringTable: Array of String
ArraySize: -1
AdditionalHeader: ExtensionObject
TypeId: NodeId
…. 0000 = EncodingMask: Two byte encoded Numeric (0x0)
Identifier Numeric: 0
EncodingMask: 0x00
…. …0 = has binary body: False
…. ..0. = has xml body: False
SessionId: NodeId
…. 0011 = EncodingMask: String (0x3)
Namespace Index: 1
Identifier String: Session:08eb0d7e-8db5-4c58-98aa-4a892447a8bf
AuthenticationToken: NodeId
…. 0101 = EncodingMask: Opaque (0x5)
Namespace Index: 0
Identifier ByteString: 5b0c5625cbf57d7c9e8a14e83a6578fc94cdd22c4e643381398ea5d3003cd421
RevisedSessionTimeout: 30000
ServerNonce: d2db1e18e1361a06afa29e46a241fdda1a9b844b58550ec021582cc51648f2ef
ServerCertificate: [OpcUa Null ByteString]
ServerEndpoints: Array of EndpointDescription
ArraySize: 7
[0]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: None (0x00000001)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 32
[1]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: Sign (0x00000002)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 68
[2]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: SignAndEncrypt (0x00000003)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 132
[3]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: Sign (0x00000002)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 72
[4]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: SignAndEncrypt (0x00000003)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 136
[5]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: Sign (0x00000002)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 72
[6]: EndpointDescription
EndpointUrl: opc.tcp://milo.digitalpetri.com:62541/milo
Server: ApplicationDescription
ApplicationUri: urn:opc:eclipse:milo:opc-ua-demo-server:b5122493-db3c-4d9e-b574-9e3b971f729e
ProductUri: [OpcUa Null String]
ApplicationName: LocalizedText
EncodingMask: 0x00
…. …0 = has locale information: False
…. ..0. = has text: False
ApplicationType: Server (0x00000000)
GatewayServerUri: [OpcUa Null String]
DiscoveryProfileUri: [OpcUa Null String]
DiscoveryUrls: Array of String
ArraySize: -1
ServerCertificate: [OpcUa Null ByteString]
MessageSecurityMode: SignAndEncrypt (0x00000003)
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel: 136
ServerSoftwareCertificates: Array of SignedSoftwareCertificate
ArraySize: 0
ServerSignature: SignatureData
Algorithm: [OpcUa Null String]
Signature: [OpcUa Null ByteString]
MaxRequestMessageSize: 2097152
15:30, EEST
April 3, 2012
Offline
Sorry, we might not have a bug, since I missed one place re-set the Server’s certificate to the EndpointDescription after the CreateSessionResponse..
Anyway, now that we see the UserTokenPolicies it is obivious, the server requires a certificate in this case.
…
[0]: EndpointDescription
…
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens: Array of UserTokenPolicy
ArraySize: 3
[0]: UserTokenPolicy
PolicyId: anonymous
UserTokenType: Anonymous (0x00000000)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: [OpcUa Null String]
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]: UserTokenPolicy
PolicyId: certificate
UserTokenType: Certificate (0x00000002)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
…
Thus, the None security endpoint contains a single UserName UserTokenPolicy, that defines security must be used for the token (SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256), thus therefore also a Certificate from the server is required in order to use this UserTokenPolicy, so that the password is encrypted.
IF it would have instead been defined like
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: null
OR
[1]: UserTokenPolicy
PolicyId: username
UserTokenType: UserName (0x00000001)
IssuedTokenType: [OpcUa Null String]
IssuerEndpointUrl: [OpcUa Null String]
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None
then it would not need a Certificate and the password would be in plain-txt over the wire for the NONE endpoint (null basically means use the same policy as the channel). Though I would need to test does this work with our SDK.
Also, that being said, with our SDK, IF it there would be more than one UserTokenPolicy whose type is UserName, then basically the first one of those would be used. It is not possible to currently select it manually.
1 Guest(s)
