Aggregation Server throws Exception when I use UserTokenPolicy as 'Certificate' only #658

@nevrotkampot

Description

Type of issue

  • Bug
  • Enhancement
  • Compliance
  • Question
  • Help wanted

Current Behavior

The Aggregation Server could not connect to the other server when UserIdentityTokens contains only one UserTokenPolicy with UserTokenType 'Certificate_2'.
The exception is thrown during 'UpdateMetadata', because 'GetClientSession' is called with a null context in the AggregationNodeManager class. The first time, it creates a new Session and validates the user token as the Anonymous token type, but that does not match my server configuration.
See this: Code link

My Server Configuration (ComServerWrapper for example):

    <BaseAddresses>
      <ua:String>opc.tcp://localhost:48400/UA/ComServerWrapper</ua:String>
    </BaseAddresses>
    <SecurityPolicies>
      <ServerSecurityPolicy>
        <SecurityMode>None_1</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicyUri>
      </ServerSecurityPolicy>
    </SecurityPolicies>

    <UserTokenPolicies>
      <!-- Allows user certificates -->
      <ua:UserTokenPolicy>
        <ua:TokenType>Certificate_2</ua:TokenType>
        <ua:SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</ua:SecurityPolicyUri>
      </ua:UserTokenPolicy>
    </UserTokenPolicies>

And the AggregationServer configuration (endpoint only):

    <ua:ConfiguredEndpoint>
      <ua:Endpoint>
        <EndpointUrl>opc.tcp://192.168.50.183:48400/UA/ComServerWrapper</EndpointUrl>
        <SecurityMode>None_1</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicyUri>
        <UserIdentityTokens>
          <UserTokenPolicy>
            <TokenType>Certificate_2</TokenType>
          </UserTokenPolicy>
        </UserIdentityTokens>
        <TransportProfileUri>http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary</TransportProfileUri>
      </ua:Endpoint>
      <ua:UpdateBeforeConnect>true</ua:UpdateBeforeConnect>
      <ua:SelectedUserTokenPolicy>0</ua:SelectedUserTokenPolicy>
    </ua:ConfiguredEndpoint>

I see the following exception:

Description: [AggregateException] One or more errors occurred. (Endpoint does not support the user identity type provided.)

One or more errors occurred. (Endpoint does not support the user identity type provided.)
--- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
--- at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
--- at System.Threading.Tasks.Task`1.get_Result()
--- at AggregationServer.AggregationNodeManager.GetClientSession(ServerSystemContext context) in \AggregationNodeManager.cs:line 1265

Endpoint does not support the user identity type provided.
--- at Opc.Ua.Client.Session.OpenValidateIdentity(IUserIdentity& identity, UserIdentityToken& identityToken, UserTokenPolicy& identityPolicy, String& securityPolicyUri, Boolean& requireEncryption)
--- at Opc.Ua.Client.Session.OpenAsync(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain, CancellationToken ct)
--- at Opc.Ua.Client.Session.Create(ISessionInstantiator sessionInstantiator, ApplicationConfiguration configuration, ITransportWaitingConnection connection, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, CancellationToken ct)
--- at Opc.Ua.Client.Session.Create(ISessionInstantiator sessionInstantiator, ApplicationConfiguration configuration, ReverseConnectManager reverseConnectManager, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity userIdentity, IList`1 preferredLocales, CancellationToken ct)
========================================
Id: BadNotConnected
Description: Server not connected.
Server not connected.
--- at AggregationServer.AggregationNodeManager.GetClientSession(ServerSystemContext context) in \AggregationNodeManager.cs:line 1329
--- at AggregationServer.AggregationNodeManager.DoMetadataUpdate(Object state) in \AggregationNodeManager.cs:line 1377
========================================

Expected Behavior

No response

Steps To Reproduce

  1. Compile the sample ComServerWrapper (or another one, ReverseConnectServer for example)
  2. Assign parameters for ComServerWrapper (like EndpointUrl, SecurityMode, etc.) in the XML (in the 'Extensions' tag for ComServerWrapper)
  3. Set it to accept only Certificate_2 in the XML
  4. Compile the sample AggregationServer
  5. Assign the appropriate parameters for ComServerWrapper (like EndpointUrl, SecurityMode, etc.) in the XML (in the 'Extensions' tag for AggregationServer)
  6. Comment out all user tokens in the UserIdentityTokens tag, leaving only 'Certificate_2'
  7. See the exception thrown during DoMetadataUpdate

Environment

- OS: Windows and Linux
- Environment: Visual Studio 2022
- Runtime: .NET 6
- Nuget Version: 1.4
- Component: OPC.Ua.Core 1.5.374.158
- Server: Com Server Wrapper
- Client: Aggregation Server

Anything else?

No response
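
A pre-flight check for the mismatch reported above, as an added example that is not part of the original issue or the project's code: it reads ConfiguredEndpoint entries and reports endpoints that the identity type used for the first session cannot open. The root element, the placeholder namespace URI, the function names and the `Anonymous_0` spelling (assumed to follow the `Certificate_2` pattern) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ConfiguredEndpoint from the report inside a made-up
# root element; the namespace URI bound to "ua" is a placeholder.
SAMPLE = """<Endpoints xmlns:ua="urn:example:ua">
 <ua:ConfiguredEndpoint>
  <ua:Endpoint>
   <EndpointUrl>opc.tcp://192.168.50.183:48400/UA/ComServerWrapper</EndpointUrl>
   <SecurityMode>None_1</SecurityMode>
   <UserIdentityTokens>
    <UserTokenPolicy><TokenType>Certificate_2</TokenType></UserTokenPolicy>
   </UserIdentityTokens>
  </ua:Endpoint>
 </ua:ConfiguredEndpoint>
</Endpoints>"""

def _local(elem):
    """Tag name without its namespace, so prefixed and bare tags both match."""
    return elem.tag.rsplit("}", 1)[-1]

def _find(parent, name):
    return [e for e in parent.iter() if _local(e) == name]

def _text(parent, name):
    hits = _find(parent, name)
    return (hits[0].text or "").strip() if hits else ""

def check_endpoints(xml_text, identity="Anonymous_0"):
    """Return (url, finding) pairs; "Anonymous_0" is an assumed spelling."""
    findings = []
    for ce in _find(ET.fromstring(xml_text), "ConfiguredEndpoint"):
        url = _text(ce, "EndpointUrl")
        policies = _find(ce, "UserTokenPolicy")
        types = [_text(p, "TokenType") for p in policies]
        if types and identity not in types:
            findings.append((url, f"{identity} not offered; endpoint lists {types}"))
        # A token policy with no SecurityPolicyUri falls back to the endpoint's,
        # so on a None_1 endpoint the token is sent without signing or encryption.
        for p in policies:
            kind = _text(p, "TokenType")
            if (kind != "Anonymous_0" and not _text(p, "SecurityPolicyUri")
                    and _text(ce, "SecurityMode") == "None_1"):
                findings.append((url, f"{kind} token has no SecurityPolicyUri on a None_1 endpoint"))
    return findings

if __name__ == "__main__":
    for url, finding in check_endpoints(SAMPLE):
        print(url, "->", finding)
```
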
