Reputation: 35
User Token Type in OPC UA
What is the User Token Type in OPC UA? Why is this important, how do I know the User Token Type from the server, and add this in client to connect to the server?
Upvotes: 3
Views: 3101
Answers (2)
Reputation: 71
I will answer your question in two parts.
Part 1:
What is the User Token Type in OPC UA? Why is this important?
Part 2:
How do I know the User Token Type from the server, and add this in client to connect to the server?
Part 1: This comes under the topic of user authentication, i.e. when a user is trying to connect from an OPC UA Client to an OPC UA Server, the OPC UA server needs to confirm the identity of the user before allowing the connection from the OPC UA client.
There are four ways in which user authentication is specified in OPC UA and ‘UserTokenType’ is an enumeration specified with the values 0, 1, 2 and 3 for those four ways:
Anonymous
- Connect without any credentials – can be useful during developer test/debug sessions
- Should not to be used for deployments in the field
- UserIdentityToken used is ‘AnonymousIdentityToken’
UserName
- Username and password
- The password may be encrypted by the client depending on the UserTokenPolicy used
- UserIdentityToken used is ‘UserNameIdentityToken’
Certificate
- X.509 v3 certificate
- The certificate can include a signature depending on the UserTokenPolicy used
- UserIdentityToken used is ‘X509IdentityToken’
IssuedToken
- Text or binary token issued by an external authorization service
- The token data may be encrypted by the client depending on the UserTokenPolicy used
- UserIdentityToken used is ‘IssuedIdentityToken’
Part 2: This wireshark trace contains the sequence of GetEndpointsRequest/GetEndpointsResponse between an OPC UA client and an OPC UA server. As you can see, the getEndpointResponse packet provides information on userTokens supported by the server. Specifically in this image, you can see that 'Anonymous' and 'UserName' are supported in a sample implementation.
Here you can see a list of some open source OPC UA stacks that also provide related sample application code that you can try out:
- open62541 – https://open62541.org/certified-sdk.html – C stack | Mozilla License | Embedded ready | TSN ready
- NodeOPCUA – https://node-opcua.github.io/ – NodeJS | MIT License | Cloud ready
- FreeOpcUa – https://github.com/FreeOpcUa/freeopcua – C++ | LGPL-3.0 License | Python bindings
- UA .NET stack – https://github.com/OPCFoundation/UA-.NETStandard – RCL License for corporate members of OPC Foundation & GPL 2.0 for others | Standard profile | Web oriented implementation
If you are looking for more hands-on information, you can check out these resources
- Free documentation: You can look at the open source documentation page: https://open62541.org/doc/current/
- Paid online course: Practical introduction to OPC UA – code walk-through and examples in this course use the open62541 stack: https://opcfoundation.org/products/view/practical-introduction-to-opc-ua-part-i
Upvotes: 7
Reputation: 7005
UserTokenType enumerates various authentication mechanisms (anonymous, username/password, x509, etc...)
Each endpoint you get from a server contains an array of UserTokenPolicy describing an authentication mechanism supported by that endpoint.
Upvotes: 0
Related Questions
- OPC UA How to read a datatype from the server
- UA OPC Server data types
- Is Opc UA Really Platform Independent?
- OPC UA server client on raspberry pi2
- OPC UA unique ID
- Content-type for token request in OAuth2
- which file formats does opc ua server support?
- Opc Ua client documentation
- Why isn't Opc.Ua.UserIdentity sending the password cleanly to the OPC server?
- Handling UAC Administrative Token