Support for X509IdentityToken in discovery services|OPC Certification and Interoperability Testing|Forum|OPC Foundation

Support for X509IdentityToken in discovery services
Dipika Khera (Member, Forum Posts: 52, Member Since: 11/15/2019)
Post 1, 03/03/2020 - 22:59

Hi Team,

I am trying to test an OPC client for Discovery services, where there is one test case which says:

TestCase: GetEndpoints: Response includes at least one endpoint where userIdentityTokens.tokenType is ISSUEDTOKEN_3 but userIdentityTokens.issuedtokenType is empty.

Expected: Client logs and/or displays an error to the end-user about misbehaving server and does not use the endpoint for a connection. The endpoint is not displayed or is displayed while being identified in error state.

Since we haven't added support for IssuedIdentityToken, the above-mentioned test case is not applicable for certification.

But after reading the above test case, there is a question in my mind, since we have added support for securing our client by certificates:

1. Is it necessary to implement the X509IdentityToken feature?

2. Will not implementing this feature impact the security of an OPC client?

3. Is it necessary to have support for all 4 types of UserIdentityTokens?

FYI: We are using opc-stack-1.4.1.jar & simulation servers for testing our client.
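
The client-side check that the quoted test case expects, as an added example that is not part of the original post and is not code from the OPC Foundation stack. It uses plain stand-in types instead of the stack's classes; the endpoint URLs and policy ids are constructed, and the enum names other than ISSUEDTOKEN_3 are assumed to follow the same naming as the standard UserTokenType values 0 to 2.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: plain stand-in types, not the OPC Foundation stack's classes.
public class EndpointTokenCheck {
    // ISSUEDTOKEN_3 is the name used in the test case; the others are assumed to match.
    enum TokenType { ANONYMOUS_0, USERNAME_1, CERTIFICATE_2, ISSUEDTOKEN_3 }

    record TokenPolicy(String policyId, TokenType tokenType, String issuedTokenType) {}
    record Endpoint(String url, List<TokenPolicy> userIdentityTokens) {}
    record Result(Endpoint endpoint, List<String> errors) {
        boolean usable() { return errors.isEmpty(); }
    }

    // Flags an endpoint whose IssuedToken policy does not say which token it wants.
    static Result check(Endpoint ep) {
        List<String> errors = new ArrayList<>();
        for (TokenPolicy p : ep.userIdentityTokens()) {
            boolean blank = p.issuedTokenType() == null || p.issuedTokenType().isBlank();
            if (p.tokenType() == TokenType.ISSUEDTOKEN_3 && blank) {
                errors.add("policy '" + p.policyId()
                        + "': tokenType is ISSUEDTOKEN_3 but issuedTokenType is empty");
            }
        }
        return new Result(ep, errors);
    }

    public static void main(String[] args) {
        // Constructed sample GetEndpoints result (hypothetical URLs and policy ids).
        List<Endpoint> response = List.of(
            new Endpoint("opc.tcp://good.example:4840", List.of(
                new TokenPolicy("anon", TokenType.ANONYMOUS_0, null),
                new TokenPolicy("x509", TokenType.CERTIFICATE_2, null))),
            new Endpoint("opc.tcp://bad.example:4840", List.of(
                new TokenPolicy("user", TokenType.USERNAME_1, null),
                new TokenPolicy("jwt", TokenType.ISSUEDTOKEN_3, ""))));

        for (Endpoint ep : response) {
            Result r = check(ep);
            if (r.usable()) {
                System.out.println("OK     " + ep.url());
            } else {
                // Test case expectation: report the misbehaving server, do not connect.
                System.err.println("ERROR  " + ep.url() + " " + r.errors());
            }
        }
    }
}
```

The whole endpoint is rejected, not only the faulty policy, because the expected result says the client does not use the endpoint for a connection.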

Randy Armstrong (Admin, Forum Posts: 1511, Member Since: 05/30/2017)
Post 2, 03/04/2020 - 11:03

If the profile you are testing with requires it then it is mandatory.

Not implementing it would mean your client could not be used in some systems where they use certificates and smart cards for authentication instead of relying on user names and passwords.

Dipika Khera (Member, Forum Posts: 52, Member Since: 11/15/2019)
Post 3, 03/16/2020 - 00:02

Sorry for the delayed reply, and thank you for the quick response.

Can we say that X509IdentityToken is used for certificates & IssuedIdentityToken is for Smart Card authentication? And since we're supporting certificate authentication, we must implement X509IdentityToken?

Randy Armstrong (Admin, Forum Posts: 1511, Member Since: 05/30/2017)
Post 4, 03/16/2020 - 00:54

X509IdentityToken is for smart cards.

IssuedIdentityTokens are for JSON Web Tokens.

Dipika Khera (Member, Forum Posts: 52, Member Since: 11/15/2019)
Post 5, 03/16/2020 - 13:30

Thank you, Randy.

I understood about IssuedIdentityTokens. But I still didn't understand about X509IdentityToken. Isn't the X509 in X509IdentityToken related to X.509 certificates?

Currently, there is no way in our client to connect Smart Cards. Could you please elaborate on this in more detail?

Randy Armstrong (Admin, Forum Posts: 1511, Member Since: 05/30/2017)
Post 6, 03/17/2020 - 21:00

Many organizations issue X509 certificates to their users. In some cases, the private key for the X509 is stored on a smart card, but it is not a requirement. As a server developer you may not be in control of how the factory owner manages user credentials. For that reason, supporting X509 user identity tokens is a good idea.

Dipika Khera (Member, Forum Posts: 52, Member Since: 11/15/2019)
Post 7, 03/17/2020 - 22:40

Got it. Thank you so much Randy for giving your time in explaining the things to me. 🙂

Forum Timezone: America/Phoenix