How to define user access level in OPC UA server
September 27, 2016
8:51, EEST
Alok102
Member

I am new to OPC UA. I am using the Prosys OPC UA Java SDK for OPC UA server and client development. I have some questions regarding user access level:

1) I am using the Prosys OPC UA simulation client and server. How can I configure the access level for a user in the simulation?
2) Where should I implement the user access level? As per my understanding, it should be on the server side. I want confirmation.
3) Which API/class/method should I call or use for user access level?

I have a licensed Prosys OPC UA Java SDK, and I am looking for help.

Thanks and regards,
Alok

September 27, 2016
10:03, EEST
Bjarne Boström
Moderator

Hi,

Note, I’m assuming you mean user access level as defined in the specification, which is different from the forming of the secure channel between the client and the server. So this answer is not about the Certificates that the client/server uses with the server/client in order to form the SecureChannel, but about the UserIdentityTokens/credentials a user/Session has, which is done on top of the SecureChannel when the Session is formed.

1. The current version of the Simulation Server implements server-wide access only.
Use the Users view in the Simulation Server to add new user/password combinations. For Certificate and IssuedToken user authentication methods currently all are accepted if turned on.

2-3. You are correct that it is on the server side. Assuming you mean how to do it in the SDK, for server-level user access, add an implementation of the UserValidator interface with UaServer.setUserValidator. For a finer level, in addition to the UserValidator for UaServer, add an IoManagerListener to the IoManager of the NodeManager and handle access levels in the onGetUserAccessLevel method call. Alternatively, you can subclass IoManager and override IoManager.getUserAccessLevel to do the same thing.

– Bjarne

September 27, 2016
11:17, EEST
Alok102
Member

Thanks Bjarne for your response

1) In the simulation server, I am only able to add the user. Now suppose I have created one point in the simulation and also added one user. I have connected the OPC UA client to the OPC UA server using the user credentials. I want this user to have only read access for this point. I have not found how to assign the access level, like either read access or write access or both. (By default the access level is both RA and WA.)

How can we configure the access level for a user on the server side?

Thanks and regards
Alok

September 27, 2016
12:13, EEST
Bjarne Boström
Moderator

To be clear: there are 2 different products mentioned.
1. The SDK, https://prosysopc.com/products/opc-ua-java-sdk/, which is a development kit
2. The Simulation Server, https://prosysopc.com/products/opc-ua-simulation-server/, which is a free test tool (built by us using the SDK)

As I explained in point 1 of my earlier post, the Simulation Server implements server-wide access only, which means it does not support node-level access rights. This means that the scenario you want is not supported at the moment in the Simulation Server. Note that the Simulation Server is a free product; it showcases some things that can be done with the SDK and it is targeted as a development help tool, but given the vast amount of features of the SDK, it has a subset of those features that are most commonly used. The access level is not a commonly used feature, at least not currently (to my knowledge); most of the servers are fine by just having the secure channel via certificates.

For more custom solutions you can use the SDK (you did mention that you have a license) to build your own server based on the samples and part 2-3 of my previous answer.

– Bjarne
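
Added example, not part of the original posts and not Prosys SDK code: a plain-Java sketch of the per-user, per-node decision that an onGetUserAccessLevel handler has to make for the read-only-user case asked about above. The class NodeAccessPolicy, the Access enum, the user names and the node id are hypothetical stand-ins; the SDK's own types are not used.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

/** Hypothetical per-user, per-node access policy (stand-in types, not the SDK's). */
public class NodeAccessPolicy {
    /** Stand-in for the CurrentRead / CurrentWrite bits of the access level attributes. */
    public enum Access { CURRENT_READ, CURRENT_WRITE }

    // user name -> node id -> access granted to that user on that node
    private final Map<String, Map<String, EnumSet<Access>>> grants;

    public NodeAccessPolicy(Map<String, Map<String, EnumSet<Access>>> grants) {
        this.grants = grants;
    }

    /**
     * Returns what the user may do with the node. Anonymous sessions (null name),
     * unknown users and unlisted nodes get nothing; a grant never exceeds the
     * node's own AccessLevel, so the user level stays a subset of it.
     */
    public Set<Access> userAccessLevel(String userName, String nodeId, Set<Access> nodeAccessLevel) {
        EnumSet<Access> result = EnumSet.noneOf(Access.class);
        if (userName == null || nodeId == null) return result;
        Map<String, EnumSet<Access>> perNode = grants.get(userName);
        if (perNode == null) return result;
        EnumSet<Access> granted = perNode.get(nodeId);
        if (granted == null) return result;
        result.addAll(granted);
        result.retainAll(nodeAccessLevel);
        return result;
    }

    public static void main(String[] args) {
        String point = "ns=2;s=Point1"; // constructed node id
        NodeAccessPolicy policy = new NodeAccessPolicy(Map.of(
            "operator", Map.of(point, EnumSet.of(Access.CURRENT_READ, Access.CURRENT_WRITE)),
            "viewer", Map.of(point, EnumSet.of(Access.CURRENT_READ))));
        Set<Access> nodeLevel = EnumSet.allOf(Access.class); // node itself is readable and writable
        System.out.println("viewer    -> " + policy.userAccessLevel("viewer", point, nodeLevel));
        System.out.println("operator  -> " + policy.userAccessLevel("operator", point, nodeLevel));
        System.out.println("unknown   -> " + policy.userAccessLevel("guest", point, nodeLevel));
        System.out.println("anonymous -> " + policy.userAccessLevel(null, point, nodeLevel));
    }
}
```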

September 28, 2016
8:00, EEST
Alok102
Member

Thanks Bjarne. Now I am trying to customize the server implementation …
-Alok

September 30, 2016
7:49, EEST
Alok102
Member

Hello,
I am trying to add the user identity on the client side using client.setUserIdentity(new UserIdentity(userName, pws));
But I am not able to create a session. I am getting the error below:
UserName=Alok
Password=[256] 0x…
EncryptionAlgorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5
PolicyId=username_basic128
error=com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password
Please help me with this issue. How do I configure the user identity?

September 30, 2016
11:25, EEST
Jouni Aro
Moderator

Which server are you connecting to?

Which SecurityPolicy (Basic128Rsa, Basic256 or Basic256Sha256) are you using in the connection?

September 30, 2016
12:22, EEST
Alok102
Member

Hi Aro

I am trying to connect the OPC UA client to the OPC UA server using user and password. I am setting the security mode as NONE. I am getting the following error:

com.prosysopc.ua.SessionActivationException: Failed to activate Session. ServiceResult=Bad_InternalError (0x80020000) “An internal error occurred as a result of a programming or configuration error.”
at com.prosysopc.ua.client.UaClient.j(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.tridium.opcUaClient.BOpcUaDevice.lambda$doPing$0(BOpcUaDevice.java:996)
at java.security.AccessController.doPrivileged(Native Method)
at com.tridium.opcUaClient.BOpcUaDevice.doPing(BOpcUaDevice.java:993)
at auto.com_tridium_opcUaClient_BOpcUaDevice.invoke(AutoGenerated)
at com.tridium.sys.schema.ComponentSlotMap.invoke(ComponentSlotMap.java:1871)
at com.tridium.sys.engine.EngineUtil.doInvoke(EngineUtil.java:62)
at javax.baja.sys.BComponent.doInvoke(BComponent.java:1257)
at javax.baja.util.Invocation.run(Invocation.java:47)
at javax.baja.util.Worker.process(Worker.java:168)
at javax.baja.util.Worker$Processor.run(Worker.java:141)
at java.lang.Thread.run(Thread.java:745)
Caused by: ServiceFault: Bad_InternalError (0x80020000) “An internal error occurred as a result of a programming or configuration error.”
Diagnostic Info: ServiceFault: Bad_InternalError (0x80020000) “An internal error occurred as a result of a programming or configuration error.”
Diagnostic Info: java.lang.OutOfMemoryError: Java heap space

September 30, 2016
14:12, EEST
Jouni Aro
Moderator

Which server are you connecting to? The error comes from the server, so check the implementation that is checking for the user accounts in the server.

September 30, 2016
14:24, EEST
Alok102
Member

How do I add the user account on the OPC UA server side? I am very new to OPC UA.

-Alok

September 30, 2016
14:33, EEST
Jouni Aro
Moderator

It really depends on the server. So which server are you using?

September 30, 2016
14:38, EEST
Alok102
Member

We have implemented our own OPC UA server also.

September 30, 2016
14:42, EEST
Alok102
Member

Actually, I will have to implement the User_Password authentication mode. I think I will have to configure the user account on the OPC server side. The client will connect with the server using user name, password and security mode.
1) I have no idea how to implement user account configuration on the OPC UA server side.

September 30, 2016
15:06, EEST
Jouni Aro
Moderator

I assume you are using the Java SDK. The tutorial and SampleConsoleServer have a very basic example. In principle, it is put into the server application, but you must define the correct results from UserValidator.onValidate() as shown in the example implementation, MyUserValidator. But if you make an exception there that generates an exception, it will result in a Bad_InternalError, which is shown in the client. So, you need to debug your implementation until it works correctly.

September 30, 2016
15:23, EEST
Alok102
Member

I have implemented MyUserValidator, but I am getting the exception below:

UserName=opcua
Password=[256] 0x…
EncryptionAlgorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5
PolicyId=username_basic128
error=com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password

com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.ServerUserIdentity.<init>(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerSecureChannel.handleSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.handleSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection$4.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

September 30, 2016
16:02, EEST
Jouni Aro
Moderator

Please, check that you have the Bouncy Castle libraries (lib/bc*.jar) in your class path.

September 30, 2016
16:59, EEST
Alok102
Member

We have the Bouncy Castle libraries (lib/bc*.jar) and we are using bcpkix-jdk15on-154.

September 30, 2016
17:13, EEST
Jouni Aro
Moderator

The stack has been tested with version 1.52 only. So, please check with that one as well.

Can you get the SampleConsoleServer and SampleConsoleClient working together?

Also check the key size of the application instance certificates (what size are you using?)
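
Added example, not part of the original posts and not Prosys SDK code: a JDK-only round trip of a UserNameIdentityToken password encrypted with the rsa-1_5 algorithm seen in the logs above, using the legacy secret layout from the OPC UA specification (UInt32 length, password, server nonce). The key pair, password and nonce are constructed; a 2048-bit server key yields the 256-byte Password field shown in the logs, and the server-side method shows what must be checked after decrypting.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

/** Encrypts and decrypts a user-token password the way an rsa-1_5 user token policy does. */
public class TokenPasswordRoundTrip {
    static final String RSA_15 = "RSA/ECB/PKCS1Padding"; // JCA name for xmlenc#rsa-1_5

    /** Client side: UInt32 LE length, password bytes, server nonce; encrypted with the server's public key. */
    static byte[] encrypt(PublicKey serverKey, String password, byte[] nonce)
            throws GeneralSecurityException {
        byte[] pw = password.getBytes(StandardCharsets.UTF_8);
        ByteBuffer plain = ByteBuffer.allocate(4 + pw.length + nonce.length).order(ByteOrder.LITTLE_ENDIAN);
        plain.putInt(pw.length + nonce.length).put(pw).put(nonce);
        Cipher c = Cipher.getInstance(RSA_15);
        c.init(Cipher.ENCRYPT_MODE, serverKey);
        return c.doFinal(plain.array());
    }

    /** Server side: decrypt with the matching private key, validate length and nonce, return the password. */
    static String decrypt(PrivateKey serverKey, byte[] token, byte[] expectedNonce)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_15);
        c.init(Cipher.DECRYPT_MODE, serverKey);
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(token)).order(ByteOrder.LITTLE_ENDIAN);
        int len = plain.getInt();
        if (len != plain.remaining() || len < expectedNonce.length)
            throw new GeneralSecurityException("bad length field");
        byte[] pw = new byte[len - expectedNonce.length];
        byte[] nonce = new byte[expectedNonce.length];
        plain.get(pw).get(nonce);
        if (!MessageDigest.isEqual(nonce, expectedNonce)) // constant-time compare; rejects replayed tokens
            throw new GeneralSecurityException("nonce mismatch");
        return new String(pw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair(); // constructed key standing in for the server certificate
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        byte[] token = encrypt(server.getPublic(), "constructed-password", nonce);
        System.out.println("token bytes: " + token.length); // ciphertext length = RSA modulus size in bytes
        System.out.println("password: " + decrypt(server.getPrivate(), token, nonce));
    }
}
```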

September 30, 2016
17:16, EEST
Jouni Aro
Moderator

Also, you can improve the logging a bit more by adding

log4j.logger.com.prosysopc.ua.UserIdentity=DEBUG

to the log.properties file of your application (assuming you are using log4j)

October 5, 2016
15:21, EEST
Alok102
Member

- The OPC UA sample code is working
- My OPC UA client is able to connect with the Simulation Server

I am facing an issue with the OPC UA server. My OPC UA client is able to connect with the OPC UA server in anonymous authentication mode.

But when I tried with user and password, I get the error below.

INFO [17:26:45 05-Oct-16 IST][com.tridium.opcUaServer.util.MyUserValidator] onValidationError: User validation failed: userToken=UserNameIdentityToken: UserNameIdentityToken
UserName=opcua
Password=[256] 0x…
EncryptionAlgorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5
PolicyId=username_basic128
error=com.prosysopc.ua.SecureIdentityException: Failed to decrypt user password

FINE [17:26:45 05-Oct-16 IST][opcUaServer.server] onActivateSessionError NiagaraOpcUaClient Failed to decrypt user password
FINE [17:26:45 05-Oct-16 IST][opcUaServer.server] onCloseSession NiagaraOpcUaClient true
com.prosysopc.ua.SessionActivationException: Failed to activate Session. ServiceResult=Bad_IdentityTokenInvalid (0x80200000) “The user identity token is not valid.”
at com.prosysopc.ua.client.UaClient.j(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.tridium.opcUaClient.BOpcUaDevice.lambda$doPing$1(BOpcUaDevice.java:998)
at java.security.AccessController.doPrivileged(Native Method)
at com.tridium.opcUaClient.BOpcUaDevice.doPing(BOpcUaDevice.java:995)
at javax.baja.driver.ping.BPingMonitor.checkPing(BPingMonitor.java:365)
at javax.baja.driver.ping.BPingMonitor.run(BPingMonitor.java:346)
at java.lang.Thread.run(Thread.java:745)
Caused by: ServiceFault: Bad_IdentityTokenInvalid (0x80200000) “The user identity token is not valid.”
Diagnostic Info:
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.serviceRequest(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.serviceRequest(Unknown Source)
at org.opcfoundation.ua.application.SessionChannel.serviceRequest(Unknown Source)
at org.opcfoundation.ua.transport.ChannelService.ActivateSession(Unknown Source)
at org.opcfoundation.ua.application.SessionChannel.activate(Unknown Source)
… 8 more
