View Issue Details

ID: 0004732
Project: Compliance Test Tool (CTT) Unified Architecture
Category: 1 - Script Issue
View Status: public
Last Update: 2020-04-17 15:55
Reporter: Bernd Edlinger
Assigned To: Sebastian Allmendinger
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 1.03.341.394
Summary: 0004732: Security User Name Password/initialize.sh fails
Description

I configured the test server to use Sign/Basic256Sha256 + UserNamePassword/Basic256Sha256.

The error message prints IssuedTokenType, but the first one is actually Anonymous and the second one is UserName.

Error: UserIdentityToken 'UserName' not found in GetEndpoints.
UserName/Password is REQUIRED behavior, even for a Nano Server (the smallest of all Servers).
Endpoints received:
[0] SecurityMode: 2; UserIdentityTokens #2
[0] = PolicyId: 0, TokenType: 0, IssuedTokenType: , IssuerEndpointUrl: , SecurityPolicyUri:
[1] = PolicyId: 1, TokenType: 1, IssuedTokenType: , IssuerEndpointUrl: , SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256

The getEndpointResponse looks correct:

OpcUa Binary Protocol
Message Type: MSG
Chunk Type: F
Message Size: 1408
SecureChannelId: 1
Security Token Id: 1
Security Sequence Number: 1024
Security RequestId: 2
OpcUa Service : Encodeable Object
TypeId : ExpandedNodeId
GetEndpointsResponse
ResponseHeader: ResponseHeader
Endpoints: Array of EndpointDescription
ArraySize: 1

                EndpointUrl: opc.tcp://w-ed1:4880/Softing/NanoUaServer
                Server: ApplicationDescription
                ServerCertificate: 3082039130820279a003020102021013eb9f599c4de34fb3...
                MessageSecurityMode: Sign (0x00000002)
                SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
                UserIdentityTokens: Array of UserTokenPolicy
                    ArraySize: 2
                    [0]: UserTokenPolicy
                        PolicyId: 0
                        UserTokenType: Anonymous (0x00000000)
                        IssuedTokenType: [OpcUa Null String]
                        IssuerEndpointUrl: [OpcUa Null String]
                        SecurityPolicyUri: [OpcUa Empty String]
                    [1]: UserTokenPolicy
                        PolicyId: 1
                        UserTokenType: UserName (0x00000001)
                        IssuedTokenType: [OpcUa Null String]
                        IssuerEndpointUrl: [OpcUa Null String]
                        SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
                TransportProfileUri: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
                SecurityLevel: 20
Steps To Reproduce

Let me know if you want a test server with that special configuration.

Tags: No tags attached.
Files Affected

Activities

Bernd Edlinger

2019-04-17 08:11

reporter   ~0010210

The culprit is at line 52..53 of maintree/Security/Security User Name Password/Test Cases/initialize.js:

epSecureChNone  = UaEndpointDescription.Find( { Endpoints: gServerCapabilities.Endpoints, SecurityMode: MessageSecurityMode.None, TokenType: UserTokenType.UserName, FilterHTTPS: true } );
epSecureEncrypt = UaEndpointDescription.Find( { Endpoints: gServerCapabilities.Endpoints, SecurityMode: MessageSecurityMode.SignAndEncrypt, TokenType: UserTokenType.UserName, FilterHTTPS: true, MostSecure: true } );

Since I have only security mode Sign, neither of these security modes will be defined.
But the configuration is perfectly valid.

Paul Hunkar

2019-04-19 15:41

administrator   ~0010214

this is the key Sign/Basic256Sha256 - it is sign only

Sebastian Allmendinger

2020-02-11 11:40

developer   ~0011571

If no secure endpoint using MessageSecurityMode S&E can be found, the CU is now looking for secure endpoints using MessageSecurityMode Sign only. If no secure endpoint is available which provides a UserIdentityToken UserName, the CU is skipped.
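
The fallback described in the note above, sketched as an added example (not part of the original issue and not the CTT's own code). The function name `findSecureUserNameEndpoint`, the object field names and the sample endpoint list are assumptions modelled on the capture in the description, and ordering by SecurityLevel is an assumed reading of `MostSecure`.

```javascript
// Added example, not CTT code. Enum values follow the OPC UA specification
// and match the numbers shown in the issue's capture.
const MessageSecurityMode = { None: 1, Sign: 2, SignAndEncrypt: 3 };
const UserTokenType = { Anonymous: 0, UserName: 1 };

// Hypothetical helper: pick the secure endpoint for the UserName/Password tests.
// Tries SignAndEncrypt first, then Sign; returns null when the CU should be skipped.
function findSecureUserNameEndpoint(endpoints) {
  for (const mode of [MessageSecurityMode.SignAndEncrypt, MessageSecurityMode.Sign]) {
    const candidates = endpoints
      .filter((ep) => ep.MessageSecurityMode === mode)
      .map((ep) => ({
        endpoint: ep,
        token: ep.UserIdentityTokens.find((t) => t.TokenType === UserTokenType.UserName),
      }))
      .filter((c) => c.token !== undefined)
      // Highest SecurityLevel first (assumed reading of MostSecure).
      .sort((a, b) => b.endpoint.SecurityLevel - a.endpoint.SecurityLevel);
    if (candidates.length > 0) {
      const { endpoint, token } = candidates[0];
      // An empty token SecurityPolicyUri means the endpoint's policy protects the password.
      const tokenPolicyUri = token.SecurityPolicyUri || endpoint.SecurityPolicyUri;
      return { endpoint, token, mode, tokenPolicyUri };
    }
  }
  return null; // no secure endpoint offers a UserName token: skip the CU
}

// Constructed sample mirroring the GetEndpointsResponse in the issue (one Sign-only endpoint).
const B256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256";
const signOnlyServer = [{
  EndpointUrl: "opc.tcp://w-ed1:4880/Softing/NanoUaServer",
  MessageSecurityMode: MessageSecurityMode.Sign,
  SecurityPolicyUri: B256,
  SecurityLevel: 20,
  UserIdentityTokens: [
    { PolicyId: "0", TokenType: UserTokenType.Anonymous, SecurityPolicyUri: "" },
    { PolicyId: "1", TokenType: UserTokenType.UserName, SecurityPolicyUri: B256 },
  ],
}];

const picked = findSecureUserNameEndpoint(signOnlyServer);
console.log(picked ? `use mode ${picked.mode}, token policy ${picked.token.PolicyId}` : "skip CU");
```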

Paul Hunkar

2020-04-17 15:55

administrator   ~0011946

reviewed in CMP meeting

Issue History

Date Modified Username Field Change
2019-04-17 06:48 Bernd Edlinger New Issue
2019-04-17 08:11 Bernd Edlinger Note Added: 0010210
2019-04-19 15:41 Paul Hunkar Note Added: 0010214
2019-04-19 15:41 Paul Hunkar Assigned To => Alexander Allmendinger
2019-04-19 15:41 Paul Hunkar Status new => assigned
2019-12-19 10:43 Sebastian Allmendinger Assigned To Alexander Allmendinger => Sebastian Allmendinger
2020-02-11 11:40 Sebastian Allmendinger Status assigned => resolved
2020-02-11 11:40 Sebastian Allmendinger Resolution open => fixed
2020-02-11 11:40 Sebastian Allmendinger Fixed in Version => 1.03.341.394
2020-02-11 11:40 Sebastian Allmendinger Note Added: 0011571
2020-04-17 15:55 Paul Hunkar Status resolved => closed
2020-04-17 15:55 Paul Hunkar Note Added: 0011946