Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Security Policy/Message Security Questions
May 6, 2013
19:45, EEST
Avatar
TimK
Member
Members
Forum Posts: 41
Member Since:
June 27, 2012
sp_UserOfflineSmall Offline

I’m working on security configuration. I’m planning to support None, Basic128Rsa15, and Basic256 policies, and None, Sign, and Sign&Encrypt message modes.
By default, I’m passing all nine combinations of those three to server.setSecurityModes(), and that seems to work okay, although I’m using None/None on the client.

When I change the server configuration to remove None from both lists, and change the client side configuration to Basic128/SignAndEncrypt, I’m seeing a problem when I try to connect with UA Expert:
2013-05-06 15:41:28,560[Non-Blocking-Work-Executor-7] INFO – UATcpServer(/127.0.0.1:52520): /127.0.0.1:43827 connected
2013-05-06 15:41:28,562 [Non-Blocking-Work-Executor-1] WARN – Security policy “http://opcfoundation.org/UA/SecurityPolicy#None” is not supported by the endpoint
2013-05-06 15:41:28,562 [Non-Blocking-Work-Executor-1] INFO – org.opcfoundation.ua.common.ServiceResultException: Bad_SecurityPolicyRejected (code=0x80550000, description=”Security policy “http://opcfoundation.org/UA/SecurityPolicy#None” is not supported by the endpoint”)

It looks like UA Expert is still trying to connect with None. I’ve tried creating a new server in UA Expert, and also different combinations of policy/message security, and I still get this error. Do you see this problem, too, or am I doing something wrong with the client?

May 7, 2013
6:57, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 946
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Yes this is a known problem with the current Java stack. If you disable None-security, the getEndpoints() service, which is done without security to find out the available endpoints, will also fail.

This will be fixed in the new Java stack 1.02, which is already available from the OPC Foundation and we are preparing a beta release of the SDK based on the new stack as well.

If you send email to our support, I can provide you a “preliminary beta” version of the SDK for testing.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 267

Currently Online:
5 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 122

pramanj: 86

ibrahim: 74

rocket science: 65

kapsl: 57

gjevremovic: 49

Sabari: 46

Xavier: 42

TimK: 41

fred: 41

Member Stats:

Guest Posters: 0

Members: 3344

Moderators: 17

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1300

Posts: 5561

Newest Members:

UPtato42, fblvicky6629601, elliebloomer44, Manuelagibe, justinafavenc54, sarlaman9, nancymcneal1, elztaim591797, JeffreyAidet, sameisenhower7

Moderators: Jouni Aro: 946, Otso Palonen: 32, Tuomas Hiltunen: 5, janimakela: 0, Pyry: 1, Terho: 0, Petri: 0, Bjarne Boström: 836, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 25, Teppo Uimonen: 21, Markus Johansson: 41, Niklas Nurminen: 0, Matti Siponen: 221, Lusetti: 0

Administrators: admin: 1