View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0010198CTT UA Scripts1 - Script Issuepublic2025-03-06 16:502025-06-03 01:54
ReporterAlexander Allmendinger Assigned ToSebastian Allmendinger  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Fixed in Version1.04.509 
Summary0010198: buildUserNameIdentityToken - error encrypting the password!
Description

The CTT changes the g.ServerCapabilities.ServerCertificate on different occasions. There appears to be something wrong in some cases which results in a BadInvalidArgument of the UaCryptoProvider when trying to encrypt the password and then sends a null password instead.

Additional Information

This can be reproduced with the Milo SDK.

TagsNo tags attached.
Files Affected

/library/Base/identity.js

Activities

Paul Hunkar

2025-05-02 16:01

administrator   ~0022700

Based on notes - this appears to be an issue when security policy is None, but in the security group there are discussion about if for security policy none anything but Anonymous should be allow. I think before we fix this issue we should first sort out what is actually allowed for security Policy None

Alexander Allmendinger

2025-05-02 18:31

developer   ~0022702

When the security working decides on a specific limits for the UserTokens when using SecurityPolicy None we really should be adding specific testing to test for those requirements. With those special tests for the requirements there wouldn't be a need to delay this change until the is decided. I would suggest to resolve the mantis and allow the CTT to handle the current situation.

Sebastian Allmendinger

2025-05-31 09:21

developer   ~0022832

With the current implementation, the CTT tried to encrypt the password of a Username-UserToken with the ServerCertificate returned in CreateSession.
If the server doesn't provide a certificate in a SecureChannel with SecurityPolicy#None, encrypting failed. As a fallback, the CTT now uses the ServerCertificate provided in the EndpointDescription returned in GetEndpoints, allowing the CTT to connect to servers that may not be fully compliant.

Paul Hunkar

2025-06-03 01:54

administrator   ~0022863

after off-line code reviews all agreed to change, issue closed

Issue History

Date Modified Username Field Change
2025-03-06 16:50 Alexander Allmendinger New Issue
2025-04-10 15:28 Paul Hunkar Assigned To => Sebastian Allmendinger
2025-04-10 15:28 Paul Hunkar Status new => assigned
2025-05-02 16:01 Paul Hunkar Note Added: 0022700
2025-05-02 18:31 Alexander Allmendinger Note Added: 0022702
2025-05-31 09:04 Sebastian Allmendinger Files Affected => /library/Base/identity.js
2025-05-31 09:21 Sebastian Allmendinger Status assigned => resolved
2025-05-31 09:21 Sebastian Allmendinger Resolution open => fixed
2025-05-31 09:21 Sebastian Allmendinger Note Added: 0022832
2025-06-03 01:54 Paul Hunkar Status resolved => closed
2025-06-03 01:54 Paul Hunkar Fixed in Version => 1.04.509
2025-06-03 01:54 Paul Hunkar Note Added: 0022863