Empty securityPolicyUri|OPC UA Standard|Forum|OPC Foundation

Avatar
sp_LogInOut Log In
sp_Search Search
Advanced Search
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Search Search
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Empty securityPolicyUri
Avatar
Deepali Ahirrao
Member
Members
Forum Posts: 25
Member Since:
08/16/2019
sp_UserOfflineSmall Offline
1
03/22/2022 - 04:29
sp_Permalink sp_Print sp_EditHistory

Hi,

We came across a OPC Server (with Nano profile) having empty string for securityPolicyUri in EndpointDescritpion.

As specified in a test case in Compliance Test Tool, we reject the connection to this server. However, we observed that some other clients allow connection. There are two possibilities: that client is not OPC-complaint OR we might be handling it incorrectly. 

When securityPolicyUri is null, we consider the Security Mode as None. Can we do the same if it is empty, and allow connection to such server?  

 

Thanks,

Deepali

Avatar
Alexander Allmendinger
Germany
Moderator
Members

Moderators

Moderators-Specifications

Moderators-Companion

Moderators-Implementation

Moderators-Certification

Moderators-ProductsServices
Forum Posts: 66
Member Since:
07/11/2017
sp_UserOfflineSmall Offline
2
03/23/2022 - 09:04
sp_Permalink sp_Print

Hi Deepali,

OPC UA does describe that null and empty are usually treated the same as not all programming languages can easily separate them.

Having that said, I would need to have some more details on the exact parameter set to provide a more detailed feedback. Could you provide the list of all parameters of the EndpointDescription so I can see if the server is doing something wrong?

Could you help me identify the exact test case in the CTT you are referring too, so I can see if the test case needs an update?

Regards,
Alexander Allmendinger

Avatar
Deepali Ahirrao
Member
Members
Forum Posts: 25
Member Since:
08/16/2019
sp_UserOfflineSmall Offline
3
03/23/2022 - 22:07
sp_Permalink sp_Print

Hi Alexander,

Below is the EndpointDescription object. And the test case I was talking about is: Discovery Client Get Endpoints Basic Err-022.js - Endpoints[0].SecurityPolicyUri is Empty.

(EndpointDescription)EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://host-ip:port/Test/NanoServer
Server=ApplicationDescription
   ApplicationUri=urn://localhost/Test/NanoServer
   ProductUri=uri://Test/NanoServer
   ApplicationName=() NanoServer
   ApplicationType=ApplicationType Server
   GatewayServerUri=null
   DiscoveryProfileUri=null
   DiscoveryUrls=class java.lang.String[1]
      [0]=opc.tcp://host-ip:port/Test/NanoServer
ServerCertificate=null
SecurityMode=MessageSecurityMode None
SecurityPolicyUri=https://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[1]
   [0]=UserTokenPolicy
   PolicyId=0
   TokenType=UserTokenType Anonymous
   IssuedTokenType=null
   IssuerEndpointUrl=null
   SecurityPolicyUri=
TransportProfileUri=https://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=10

However I realized that its not the EndpointDescription SecurityPolicyUri that is empty, but the SecurityPolicyUri in UserTokenPolicy. This is resulting in Bad_SecurityPolicyRejected .. causing the connection to be rejected. 

 

Thanks,

Deepali

Avatar
Deepali Ahirrao
Member
Members
Forum Posts: 25
Member Since:
08/16/2019
sp_UserOfflineSmall Offline
4
03/28/2022 - 00:36
sp_Permalink sp_Print

Hi Alexander,

How do we handle the above scenario .. Should we allow the session to be activated or not?

Regards,

Deepali

sp_Feed
Go to top
Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 38
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1354
Posts: 4583