Log In
Register
Forum
Topic RSS
8:51, EEST
September 27, 2016
Offline
I am new for opc Us . I am using the prosys Opc Ua Java SDK for opc Ua server and client development. I have some question regarding User Access level
1) I am using prosys Opc Ua simulation client and server , How can I configure access level for a user in simulation
2) Where Should I implement the user access level ? As per my understanding It should be in Server side . I want confirmation .
3)Which API/Class/Method should I call or used for User Access Level .
I have licensed prosys opc Us Java sdk , I am looking for a help .
Thanks and regards,
Alok
10:03, EEST
April 3, 2012
Offline
Hi,
Note, I’m assuming you mean user access level as defined in the specification, which is different from the forming of the secure channel between the client and the server. So this answer is not about the Certificates that the client/server uses with the server/client in order to form the SecureChannel, but of the UserIdentityTokens/credentials an user/Session has which is done on top of the SecureChannel when the Session is formed.
1. The current version of the Simulation Server implements server-wide access only.
Use the Users view in the Simulation Server to add new user/password combinations. For Certificate and IssuedToken user authentication methods currently all are accepted if turned on.
2-3. You are correct that it is on the server side. Assuming you mean how to do it in the SDK, for server level user access, add an implementation of UserValidator interface to UaServer.setUserValidator. For more finer level, in addition to the UserValidator for UaServer add an IoManagerListener to the IoManager of the NodeManager and handle access levels in onGetUserAccessLevel method call. Alternatively you can subclass IoManager and override IoManager.getUserAccessLevel to do the same thing.
– Bjarne
11:17, EEST
September 27, 2016
Offline
Thanks Bjarne for your response
1) In simulation server, I am only able to add the user , Now suppose I have created one point in simulation and also added one user , Now I have connected the Opc UA client to Opc Ua Server using the User credentials , I want this user should have only read access for this point . I have not found How to assign the Access level like either readAccess or WriteAccess or both .(By default access level is as RA and WA both)
How we can configure access level for a user in server side ?
Thanks and regards
Alok
12:13, EEST
April 3, 2012
Offline
To be clear: there are 2 different products mentioned.
1. The SDK, https://prosysopc.com/products/opc-ua-java-sdk/, which is a development kit
2. The Simulation Server, https://prosysopc.com/products/opc-ua-simulation-server/, which is a free test tool (built by us using the SDK)
As I explained in earlier post in 1. that the simulation server implements a server-wide access only. Which means it does not support node-level access rights. This means that the scenario that you want is not supported at the moment in the simulation server. Note that the Simulation Server is a free product, it showcases some things that can be done with the SDK and it targeted as a development help tool, but given the vast amount of features of the SDK, it has a subset of those features that are most commonly used. The access level is not a commonly used feature, at least not currently (to my knowledge), most of the servers are fine by just having the secure channel via certificates.
For more custom solutions you can use the SDK (you did mention that you have a license) to build your own server based on the samples and my 2-3. part of previous answer.
– Bjarne
8:00, EEST
September 27, 2016
Offline
Thanks Bjarne , Now I am trying to customized the server implementation …
-Alok
7:49, EEST
September 27, 2016
Offline
Hello
I trying to add the user Identity in client side using client.setUserIdentity(new UserIdentity(userName, pws));
But not able to create a session I am getting error as below
UserName=Alok
Password=[256] 0x43d67743d2b42c728b03ac16f1596af717e3934933e178b6e2516851c7bff
fef4dd609debfa52ad820bf8a6542428471a8c3f2bd19ea82ab695ddd883e00e30f107b43d2966ae
f70535bf879ff5918cfe0248c26c84584f5dc9a78527e44402364d4060b77d8327cdcff655483e3d
4923c7bfa22866a09d8efdc1c3988c1ba806cab22dc978ba494222700bbd794b6538e4579139f3c9
86b84a9b7a74406d955a0e7c3d745173d819d3abebb52b79e55265552535802198e066d736d3e713
940fffcd0c59418274c1530fb68a37782970d7e80d1c43a3328390f07ebdd9b93cfe4a229a2ecd50
1045ea5b9c866ca467e9d117d7e5caca83706bb4084164eaed1
EncryptionAlgorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5
PolicyId=username_basic128
error=com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password
Please help me on this issue , How to configure the user Identity
11:25, EEST
December 21, 2011
Offline
Which server are you connecting to?
Which SecurityPolicy (Basic128Rsa, Basic256 or Basic256Sha256) are you using in the connection?
12:22, EEST
September 27, 2016
Offline
Hi Aro
I am trying to connect the OpcUa client to OpcUa server using user and password . I am setting security mode as NONE, I am getting following error
com.prosysopc.ua.SessionActivationException: Failed to activate Session. Service
Result=Bad_InternalError (0x80020000) “An internal error occurred as a result of
a programming or configuration error.”
at com.prosysopc.ua.client.UaClient.j(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.tridium.opcUaClient.BOpcUaDevice.lambda$doPing$0(BOpcUaDevice.jav
a:996)
at java.security.AccessController.doPrivileged(Native Method)
at com.tridium.opcUaClient.BOpcUaDevice.doPing(BOpcUaDevice.java:993)
at auto.com_tridium_opcUaClient_BOpcUaDevice.invoke(AutoGenerated)
at com.tridium.sys.schema.ComponentSlotMap.invoke(ComponentSlotMap.java:
1871)
at com.tridium.sys.engine.EngineUtil.doInvoke(EngineUtil.java:62)
at javax.baja.sys.BComponent.doInvoke(BComponent.java:1257)
at javax.baja.util.Invocation.run(Invocation.java:47)
at javax.baja.util.Worker.process(Worker.java:168)
at javax.baja.util.Worker$Processor.run(Worker.java:141)
at java.lang.Thread.run(Thread.java:745)
Caused by: ServiceFault: Bad_InternalError (0x80020000) “An internal error occur
red as a result of a programming or configuration error.”
Diagnostic Info: ServiceFault: Bad_InternalError (0x80020000) “An internal error
occurred as a result of a programming or configuration error.”
Diagnostic Info: java.lang.OutOfMemoryError: Java heap space
14:12, EEST
December 21, 2011
Offline
Which server are you connecting to? The error comes from the server, so check the implementation that is checking for the user accounts in the server.
14:24, EEST
September 27, 2016
Offline
How to add the user account in opc ua server side . I am very new in Opc Ua .
-Alok
14:33, EEST
December 21, 2011
Offline
It really depends on the server. So which server are you using?
14:38, EEST
September 27, 2016
Offline
We have implemented our won Opc Ua server also .
14:42, EEST
September 27, 2016
Offline
Actually I will have implement the User_Password Authentication mode, I think I will have to configure the user Account in Opc Server Side . Client will connect with server Using User name , Password and security Mode .
1) I have no Idea how to do Implementation of User Account configuration in Opc Ua server Side
15:06, EEST
December 21, 2011
Offline
I assume you are using the JavaSDK. the Tutorial and SampleConsoleServer have a very basic example. In principle, it is put to the server application, but you must define the correct results from the UserValidator.onValidate() as shown in the example implementation, MyUserValidator. But if you make an exception there that generates an exception, it will result to a Bad_InternalError, which is shown in the client. So, you need to debug your implementation until it works correctly.
15:23, EEST
September 27, 2016
Offline
I have implemented MyUserValidator , but I am getting exception as below ,
UserName=opcua
Password=[256] 0x480d0cb462d0a7060a899f9c6fcd687797421dd78ff62107e5433cc164cca
db779504ce0923830aa6365603a23b22eeeddc80e70f32d4973b460842aeb903cf1f2b6b19d0b717
c8850b8f1d50a0d603822a422f1d9ba2703846d0611b7b8d9253c95bfdfeb8f2f9cae5189ce5c9b2
96832d1cbcb0a17bf069428878b31712a5a8f4e4dbd7d23548f9434210f01dd328dbe36b0d1b8d82
ec949922378d1ce22dffd5850a037f04ac33ec7ac85edd357272427cc7e930115a412ab83d9292b7
3b5188e0725d92997c19d8db6d819e40c2ec152e58ef68b5581ea0cd91d83eb26d95338323c02fc0
c6af18aece14d065e6c96870b91dd82d40c6e7060cd4c08537b
EncryptionAlgorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5
PolicyId=username_basic128
error=com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password
com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source
)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unkno
wn Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Un
known Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unkn
own Source)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerSecureChannel.hand
leSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.handleS
ecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection$4.onMes
sageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fire
Complete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setM
essage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.ru
n(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:617)
at java.lang.Thread.run(Thread.java:745)
16:02, EEST
December 21, 2011
Offline
Please, check that you have the Bouncy Castle libraries (lib/bc*.jar) in your class path.
16:59, EEST
September 27, 2016
Offline
We have Bouncy Castle libraries (lib/bc*.jar) and we are using bcpkix-jdk15on-154
17:13, EEST
December 21, 2011
Offline
The stack has been tested with version 1.52 only. So, please check with that one as well.
Can you get the SampleConsoleServer and SampleConsoleClient working together?
Also check the key size of the application instance certificates (what size are you using?)
17:16, EEST
December 21, 2011
Offline
Also, you can improve the logging a bit more by adding
log4j.logger.com.prosysopc.ua.UserIdentity=DEBUG
to the log.properties file of your application (assuming you are using log4j)
15:21, EEST
September 27, 2016
Offline
-Opc ua Sample code is working
-My Opc us client is able to connect with Simulation server
I am facing issue with opc ua server / My opc ua client is able to connect with opc ua server with anonymous authentication mode.
But when I have tried with user and password then geting error as below .
INFO [17:26:45 05-Oct-16 IST][com.tridium.opcUaServer.util.MyUserValidator] onV
lidationError: User validation failed: userToken=UserNameIdentityToken: UserNam
IdentityToken
UserName=opcua
Password=[256] 0x2135f563c5d274ec191749e0ca407d4c259db3fc69055424e4d53a6d60ba
d6ca853652e40bcbcd579e2bcf7d394f59315346acfd41d165b09b1a0c8141b608364334f561ee9
91d962a838823d3a36b720f17547230a85117c3bdb64cd499304bef5372b430a75d0c2ef2b1d38a
ca1a8192cd79e9e3241ac56b8824beab3ebe46329a44a534bfa97d5bbdb0b46e1bce05bcb62cc86
1d862921cfa82afddccf0d19a10876b0657c60c692aa77c56891a343adc13ea7830f334fd0dc3c1
bbae9958a4969c595522043501c8d02a1084f3a7caa0a78c085a79c4ad5f8c9245d2b6930ddcb43
da73079a14a68f8f57de66a0aa713be6fd2063149d89b77f8db
EncryptionAlgorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5
PolicyId=username_basic128
error=com.prosysopc.ua.SecureIdentityException: Failed to decrypt user passwor
FINE [17:26:45 05-Oct-16 IST][opcUaServer.server] onActivateSessionError Niagar
OpcUaClient Failed to decrypt user password
FINE [17:26:45 05-Oct-16 IST][opcUaServer.server] onCloseSession NiagaraOpcUaCl
ent true
com.prosysopc.ua.SessionActivationException: Failed to activate Session. Servic
Result=Bad_IdentityTokenInvalid (0x80200000) “The user identity token is not va
id.”
at com.prosysopc.ua.client.UaClient.j(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.tridium.opcUaClient.BOpcUaDevice.lambda$doPing$1(BOpcUaDevice.ja
a:998)
at java.security.AccessController.doPrivileged(Native Method)
at com.tridium.opcUaClient.BOpcUaDevice.doPing(BOpcUaDevice.java:995)
at javax.baja.driver.ping.BPingMonitor.checkPing(BPingMonitor.java:365)
at javax.baja.driver.ping.BPingMonitor.run(BPingMonitor.java:346)
at java.lang.Thread.run(Thread.java:745)
Caused by: ServiceFault: Bad_IdentityTokenInvalid (0x80200000) “The user identi
y token is not valid.”
Diagnostic Info:
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.serviceReques
(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.serviceReques
(Unknown Source)
at org.opcfoundation.ua.application.SessionChannel.serviceRequest(Unkno
n Source)
at org.opcfoundation.ua.transport.ChannelService.ActivateSession(Unknow
Source)
at org.opcfoundation.ua.application.SessionChannel.activate(Unknown Sou
ce)
… 8 more
Most Users Ever Online: 1919
Currently Online:
21 Guest(s)
Currently Browsing this Page:
2 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 735
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1523
Posts: 6449
Newest Members:
rust, christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0
Administrators: admin: 1
