Professional OPC
Development Tools

logos

Using Sign and Encrypt with Basic256

More
17 Dec 2017 11:22 #5741 by support
Thank you for the information. I do not see anything with your code now, and I also understand that UaExpert shows the Sign&Encrypt endpoint - but the error message on our side seems to indicate that the only endpoint returned to us was with security None.

In order to find out the reason, can you please attach a handler to the LogEntry event on the EasyUAClientConfiguration object, and send us all the event texts produced while running your code? There is a good chance that it will tell us more about the cause. An example code for this is in the Delphi examples under _EasyUAClientConfiguration.LogEntry.Main.inc ( opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ClientConfigurationEvents.html ).

If the LogEntry infos will not help, the next step would be to obtain Wireshark communication logs.

Best regards

Please Log in or Create an account to join the conversation.

More
15 Dec 2017 14:40 #5737 by Davidw201
Hello,
thank you for answering!
I just tried to pass the config directly to the client config:
EasyUAClientConfiguration := TEasyUAClientConfiguration.Create(nil);
EasyUAClientConfiguration.AdaptableParameters.SessionParameters.EndpointSelectionPolicy.AllowedMessageSecurityModes := UAMessageSecurityModes_SecuritySignAndEncrypt;
EasyUAClientConfiguration.AdaptableParameters.SessionParameters.UserIdentity.UserNameTokenInfo.UserName := OPCUserName;
EasyUAClientConfiguration.AdaptableParameters.SessionParameters.UserIdentity.UserNameTokenInfo.Password := OPCPassword;
MyUAClient := TEasyUAClient.Create(nil);
but I get the same error as I posted.

In the Image you can see how UaExpert shows the endpoint. It seems that the config server is ok.

Thank you!
Kind regards
David
Attachments:

Please Log in or Create an account to join the conversation.

More
14 Dec 2017 10:34 #5732 by support
The response from the server indicates that it only exposes a single, non-secured endpoint. So you need to configure the server first to expose secured endpoint(s).

I do quite believe that the very same works from the UaExpert. Are you connecting to precisely the same endpoint? When you use UaExprt, does it actually SHOW you the secure endpoint and allow you to select between these different endpoint configurations, or do you have to explicitly tell it the parameters of the endpoint?

Also note that (at least in the code snippet provided), the UAEndPointSelectionPolicy object that you created and configured is not assigned to anything, and therefore any changes to it have no significance - it is just an "in-memory" piece of data. You should either assign it to its place in EasyUAClientConfiguration or in the UAEndpointDescriptor, *or* (better) you actually do not have to create mew instances of this. You can simply access the existing UAEndpointSelectionPolicy in the configuration or in the endpoint descriptor, and change its properties right there.

Best regards

Please Log in or Create an account to join the conversation.

More
14 Dec 2017 09:50 #5731 by Davidw201
Hello,
using the lib for Delphi2010 I'm trying to connect to a Siemens S7 OPC UA server. Since the server only accept sign and encrypted connections with Basic256 I can't establish a connection. If the server allows connections without sign and encrypt, it works.

With UaExpert I can connect using this config: Security Policy = Basic256; Message Security Mode = Sign & Encrypt.

When I try to connect with the folling code:
MyUAClient := TEasyUAClient.Create(nil);
EasyUAClientConfiguration := TEasyUAClientConfiguration.Create(nil);
 
aUserIdentity := TUserIdentity.Create (nil);
aUserIdentity.UserNameTokenInfo.UserName := OPCUserName;
aUserIdentity.UserNameTokenInfo.Password := OPCPassword;
 
UAEndPointSelectionPolicy := TUAEndPointSelectionPolicy.Create(nil);
UAEndPointSelectionPolicy.AllowedMessageSecurityModes := UAMessageSecurityModes_SecuritySignAndEncrypt;
// UAEndPointSelectionPolicy.MessageSecurityPreference := _sign.positive; don't work 
// after searching for the constant  _sign.positive I've tried to use 1 or 0 or -1  instead:
UAEndPointSelectionPolicy.MessageSecurityPreference := 1;
 
EasyUAClientConfiguration.AdaptableParameters.SessionParameters.UserIdentity := aUserIdentity.DefaultInterface;

I get this message:

Cannot select the best (or any) endpoint for OPC-UA client session. No suitable endpoint has been found. The server returned 1 endpoint(s).
There are several configurable settings that influence which endpoints are eligible for selection, such as the endpoint selection policy, and also parameters that influence how thorough checks of the information returned by the server are made. You may need to change the endpoint selection policy, or the additional parameters, in order to be able to connect. If you are unsure about what is causing all endpoints to be rejected, analyze the log entries generated by the component.
Candidate selection report follows.
[0:ValidNotEligible(SecurityMode(None, NotAllowed))]
Fehler: Cannot select the best (or any) endpoint for OPC-UA client session. No suitable endpoint has been found. The server returned 1 endpoint(s).
There are several configurable settings that influence which endpoints are eligible for selection, such as the endpoint selection policy, and also parameters that influence how thorough checks of the information returned by the server are made. You may need to change the endpoint selection policy, or the additional parameters, in order to be able to connect. If you are unsure about what is causing all endpoints to be rejected, analyze the log entries generated by the component.
Candidate selection report follows.
[0:ValidNotEligible(SecurityMode(None, NotAllowed))]


Do you have an idea what the problem can be?
Thanks.

Kind regards
David

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.169 seconds

      

 Recommend this on Google