20:32, EEST
December 6, 2018
Below is the DEBUG log I got while the error happened.
Here the only difference I see is the slash(‘/’) at the end of the EndPointUrl . Can it be a reason for the error ???
** I have removed the IP address from EndPointURL rest is as it was.
2019-08-21 14:03:54,557 ERROR [org.o.u.a.Client ] – The endpoint received from GetEndpoints is not in the endpoints of CreateSessionResponse. Endpoint=EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://:48031
Server=null
ServerCertificate=null
SecurityMode=MessageSecurityMode
name=None
ordinal=1
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[3]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType
name=Anonymous
ordinal=0
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=null
[1]=UserTokenPolicy
PolicyId=1
TokenType=UserTokenType
name=UserName
ordinal=1
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]=UserTokenPolicy
PolicyId=2
TokenType=UserTokenType
name=Certificate
ordinal=2
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri=http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=0
2019-08-21 14:03:54,559 ERROR [org.o.u.a.Client ] – GetEndpoints returned endpoints=[EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://:48031
Server=null
ServerCertificate=null
SecurityMode=MessageSecurityMode
name=None
ordinal=1
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[3]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType
name=Anonymous
ordinal=0
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=null
[1]=UserTokenPolicy
PolicyId=1
TokenType=UserTokenType
name=UserName
ordinal=1
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]=UserTokenPolicy
PolicyId=2
TokenType=UserTokenType
name=Certificate
ordinal=2
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri=http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=0
]
2019-08-21 14:03:54,559 ERROR [org.o.u.a.Client ] – CreateSessionResponse endpoints=[EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://:48031/
Server=null
ServerCertificate=null
SecurityMode=MessageSecurityMode
name=None
ordinal=1
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[3]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType
name=Anonymous
ordinal=0
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=null
[1]=UserTokenPolicy
PolicyId=1
TokenType=UserTokenType
name=UserName
ordinal=1
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]=UserTokenPolicy
PolicyId=2
TokenType=UserTokenType
name=Certificate
ordinal=2
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri=http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=0
]
10:05, EEST
April 3, 2012
Yes, that would cause it to fail as they must be exactly the same. The check was added in order to pass the compliance tests. If you trust the server, you could set UaClient.setValidateDiscoveredEndpoints(false) to disable the check.
The specification mentions 1.04 Part 4 section 5.6.2.1 for the CreateSession description:
“The Server returns its EndpointDescriptions in the response. Clients use this information to
determine whether the list of EndpointDescriptions returned from the DiscoveryEndpoint matches
the Endpoints that the Server has. If there is a difference then the Client shall close the Session
and report an error.”
This is a security-check, as the Discovery Service Set can be accessed without a Session thus it doesn’t use message security.
10:12, EEST
December 6, 2018
12:20, EEST
December 6, 2018
14:25, EEST
April 3, 2012
The client tutorial in the ‘tutorial’ folder of the SDK (downloaded) package maybe, however it is from the SDK’s point of view and the point of the SDK is to make it easy so it is not in that much details.
Generally I would say the specification is probably the best place to look, even if it seems daunting at first. Probably best to start with Part 1, then you could jump to Part 4 section 4&5 for the service sets, Discovery, SecureChannel and Session Service Sets. Basically all that is done when you call UaClient.connect().
Also that would not pass, as it is not the same. In practice any difference should be a server bug. Basically the purpose of the check is to make sure it actually was the endpoints the server sent, not some rogue actor manipulating messages on the network. But as a note if you see differences that some parameters might be null, per the serverEndpoints return parameter in the 5.6.2.2 (1.04 Part 4): “It is recommended that Servers only include the server.applicationUri, endpointUrl, securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters set to null. Only the recommended parameters shall be verified by the client.”
Most Users Ever Online: 1919
Currently Online:
16 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 728
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
roycedelargie91, kourtneyquisenbe, ellis87832073466, zkxwilliemae, gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuartModerators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1