View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007492 | Compliance Test Tool (CTT) Unified Architecture | 1 - Script Issue | public | 2021-12-23 10:53 | 2022-01-29 14:00 |
| Reporter | Matti Siponen | Assigned To | Paul Hunkar | ||
| Priority | normal | Severity | major | Reproducibility | N/A |
| Status | closed | Resolution | no change required | ||
| Product Version | 1.04.09.400 | ||||
| Summary | 0007492: Session Change User 004.js doesn't specify the desired behavior | ||||
| Description | This test script attempts to change user with ActivateSessionRequest in a way that will cause the Server to respond with Bad_UserAccessDenied. What should happen after that isn't specified in the test script or in Part 4 of the OPC UA specification. | ||||
| Tags | No tags attached. | ||||
| Files Affected | |||||
|
|
The specification describes what should happen - from part 4 "Servers shall take proper measures to protect against attacks on user identity tokens. Such an attack is assumed if repeated connection attempts with invalid user identity tokens happen. One option is to lock out an OPC UA Client for a period of time if the user identity token validation fails several times. The OPC UA Client is either detected by IP address for unsecured connections or by the ApplicationInstanceUri for secured connections. Another option is delaying the Service response when the validation of a user identity fails. This delay time could be increased with repeated failures. Sporadic failures shall not delay connections with valid tokens." So the test case is exercising this paragraph - i.e. one error should not cause a problem (repeated one should cause some action, but the mentioned test case is not for repeated - just a single activate session issue.) The Activatesession shall return an appropriate error, but no effect on the existing session. |
|
|
Reviewed in CMP call - see note |
|
|
agreed and closed in extra call |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-12-23 10:53 | Matti Siponen | New Issue | |
| 2021-12-23 15:50 | Paul Hunkar | Note Added: 0015616 | |
| 2021-12-23 15:51 | Paul Hunkar | Assigned To | => Paul Hunkar |
| 2021-12-23 15:51 | Paul Hunkar | Status | new => resolved |
| 2021-12-23 15:51 | Paul Hunkar | Resolution | open => no change required |
| 2021-12-23 15:51 | Paul Hunkar | Note Added: 0015617 | |
| 2022-01-29 14:00 | Paul Hunkar | Status | resolved => closed |
| 2022-01-29 14:00 | Paul Hunkar | Note Added: 0015889 |
