Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Multiple user sessions within one secure channel
March 10, 2022
11:43, EET
Avatar
rocket science
Member
Members
Forum Posts: 88
Member Since:
March 16, 2017
sp_UserOfflineSmall Offline

Hi,

as I understood when using …

UaClient client = new UaClient(serverUri);
client.setSecurityMode(..)
client.setUserIdentity(..)
client.setUserIdentity(..)

client.connect()

…. the SDK open one secure channel and within this secure channel the user session, right?

We have a customer which says, that he allows only one secure channel per application certificate. As we would like to have two user session to this server from one single application (so also from one single application certificate), the customer told us that we can use multiple user session on one secure channel.

I just wonder if it is possible with the Prosys Java SDK to create more than one user sessions on one secure channel?

Thanks!

March 10, 2022
13:16, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1026
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hi,

Only the most recent client.setUserIdentity matters, setting a new one would replace the old one. If connected, a new ActivateSession would be done as per spec (with the new identity).

Preferably I would want like proof in the form of OPC UA Specification link (https://reference.opcfoundation.org/) that it is that truly possible in the first place (more than one Session per SecureChannel). Like with opc.https there is a “secure channel” that is shared with all Sessions, so the concept technically “exist” (though no-one should use opc.https unless no alternatives). In the opc.tcp world I believe I have never seen that there would be more than a single Session per SecureChannel.

In short, no way to do that with the SDK. In a bit longer way, technically it might be doable in the pure stack layer, but that is pretty useless for 99% of the stuff so the answer is pretty much a no. It is quite fundamental design of the SDK that UaClient opens the connection, makes securechannel (in opc.https this is just the tls connection) and then the session. So in short I’m not sure even when and how we would support this (assuming that it is allowed in the first place).

Regradless, that limitation is … odd and potentially dangerous. Best would be to recommend them to remove it (e.g. link to this post etc.). Or the very least I would be looking for a _very good reason_ to have to have a limitation like this. Also the limitation might be a bit different, but assuming it “as is” as you said, that would make a connection loss an unrecoverable scenario, which would be quite bad. Also, the securechannel must be renewed periodically (but this is done within the same connection).

A reconnect would try to do a new connection and a new securechannel, then try to activate the old Session via ActivateSession. IF the old connection+channel would not be removed by the server side, it could potentially prevent reconnecting within the timeout period of the channel (if only one channel per cert).

Also, that limitation would make it impossible to have a redundant client (as they most likely would share the certificate, at least in some scenarios).

P.S.
Also, the reverse connect functionality of OPC UA had some wording that clients might use more than a single session, so that might prevent even some normal clients to work, though I have not seen clients like this. In short, I’m not sure is it within OPC UA’s scope to limit how many SecureChannels a given application can open to a server.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
16 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 735

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1523

Posts: 6449

Newest Members:

rust, christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0

Administrators: admin: 1