Server with SecurityPolicy None disabled by default | OPC UA Standard | Forum

Lost password?

Home Forum OPC UA Standard Server with SecurityPolicy None dis…

Server with SecurityPolicy None disabled by default

Jonas Green

Halmstad, Sweden

Member

Members

Forum Posts: 23

Member Since:
05/24/2017

Offline

12/13/2018 - 00:46

Hi,

I'm developing a product where I would like to keep the SecurityPolicy None disabled by default (as recommended in Part 2, chapter 4.7). To my understanding I still need to support a "Discovery endpoint" to allow clients performing the Discovery services GetEndpoints, FindServers and FindServersOnNetwork without security.

I have a couple of questions that I can't sort out in the specifications:

Shall the Discovery Endpoint be listed among the EndpointsDescriptions in the GetEndpoints response and in the CreateSession response?
Shall the CreateSession request be denied when using the Discovery Endpoint or is it enough to deny the client to activate a session on the Discovery Endpoint?

Randy Armstrong

Admin

Forum Posts: 1564

Member Since:
05/30/2017

Offline

12/14/2018 - 09:27

This feature is usually handled by the stack.

The typical implementation checks the security policy on the open secure channel request.

If the policy is None and None is not allowed a special securechannel is opened that will only allow the FindServers and GetEndpoints requests and returns BadSecurityPolicyRejected for other request types.

The application layer would never receive notifications that a CreateSession request was received.

See:

https://github.com/OPCFoundati.....Channel.cs

Search for "DiscoveryOnly".

Forum Timezone: America/Phoenix

Most Users Ever Online: 510

Currently Online:

Guest(s) 29

Currently Browsing this Page:
1 Guest(s)