08/16/2019
Hi,
We came across a OPC Server (with Nano profile) having empty string for securityPolicyUri in EndpointDescritpion.
As specified in a test case in Compliance Test Tool, we reject the connection to this server. However, we observed that some other clients allow connection. There are two possibilities: that client is not OPC-complaint OR we might be handling it incorrectly.
When securityPolicyUri is null, we consider the Security Mode as None. Can we do the same if it is empty, and allow connection to such server?
Thanks,
Deepali
Moderators
Moderators-Specifications
Moderators-Companion
Moderators-Implementation
Moderators-Certification
Moderators-ProductsServices
07/11/2017
Hi Deepali,
OPC UA does describe that null and empty are usually treated the same as not all programming languages can easily separate them.
Having that said, I would need to have some more details on the exact parameter set to provide a more detailed feedback. Could you provide the list of all parameters of the EndpointDescription so I can see if the server is doing something wrong?
Could you help me identify the exact test case in the CTT you are referring too, so I can see if the test case needs an update?
Regards,
Alexander Allmendinger
08/16/2019
Hi Alexander,
Below is the EndpointDescription object. And the test case I was talking about is: Discovery Client Get Endpoints Basic Err-022.js – Endpoints[0].SecurityPolicyUri is Empty.
(EndpointDescription)EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://host-ip:port/Test/NanoServer
Server=ApplicationDescription
ApplicationUri=urn://localhost/Test/NanoServer
ProductUri=uri://Test/NanoServer
ApplicationName=() NanoServer
ApplicationType=ApplicationType Server
GatewayServerUri=null
DiscoveryProfileUri=null
DiscoveryUrls=class java.lang.String[1]
[0]=opc.tcp://host-ip:port/Test/NanoServer
ServerCertificate=null
SecurityMode=MessageSecurityMode None
SecurityPolicyUri=https://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[1]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType Anonymous
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=
TransportProfileUri=https://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=10
However I realized that its not the EndpointDescription SecurityPolicyUri that is empty, but the SecurityPolicyUri in UserTokenPolicy. This is resulting in Bad_SecurityPolicyRejected .. causing the connection to be rejected.
Thanks,
Deepali
1 Guest(s)