I use opc ua server on raspberry pi and I have one question: is there possibility to implement user authorization or any other way to limit user's acess to some data/features?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm investigating the same. Currently, the OPC server running in CODESYS V3 appears to allow any client to connect without authentication. They can then view the full tree, and read/write variables. This is very problematic. There are no options in the IDE that I can find for configuring the server, it is simply enabled in the Symbol Configuration. It appears the controller has an X.509 certificate but it doesn't require anything from the client. Does anyone have more information? The online videos from 3S worked to get me this far but they connected without authentication.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
This Q&A is very helpful to me.
e.kislov's link says Codesys implements a user authentication with a password.
I think that Codesys does not implement user authentication with X.509 certification so far. Am I right?
My environment is Codesys V3.5 SP15 and raspberry pi
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks, i-campbell.
I've already tried the procedures i-campbell's link and worked well.
But I think it is application authentication, not a user authentication. The reason is that when I checked UserTokenPolicy of the OPC UA server with UaExpert, I found UserPassword and Anonymous but couldn't find "X509 certificate" in the PolicyId and TokenType(Codesys_usertokenpolicy.png).
So I couldn't connect with the certificate using UAExpert Authentication settings (Authentication_settings.png). The response message was "BadConfigurationError."
On the other hand, when I connected to another OPC Server (Takebishi DeviceXplorer), "X509 certificate" appeared in the "UserTokenPolicy." (DeviceXplorer_usertokenpolicy.png)
Hi
I use opc ua server on raspberry pi and I have one question: is there possibility to implement user authorization or any other way to limit user's acess to some data/features?
I'm investigating the same. Currently, the OPC server running in CODESYS V3 appears to allow any client to connect without authentication. They can then view the full tree, and read/write variables. This is very problematic. There are no options in the IDE that I can find for configuring the server, it is simply enabled in the Symbol Configuration. It appears the controller has an X.509 certificate but it doesn't require anything from the client. Does anyone have more information? The online videos from 3S worked to get me this far but they connected without authentication.
Hi,
you are right, but the good news is:
This will be released with 3.5SP13 26th June.
BR
Edwin
I'm Currently setting up an OPC UA on 3.5 SP13, however I'm looking to see where you implement user and password authentication.
Is there anyone out there who can help?
Hi,
I would start here:
https://help.codesys.com/webapp/_cds_ru ... n=3.5.14.0
BR
Edwin
So, is it possible to add user authentication in OPC UA? (raspberry pi + Codesys)
How do we do it?
Anyone?
Check this:
https://faq.codesys.com/display/CDSFAQ/ ... igurations m
Hi,
This Q&A is very helpful to me.
e.kislov's link says Codesys implements a user authentication with a password.
I think that Codesys does not implement user authentication with X.509 certification so far. Am I right?
My environment is Codesys V3.5 SP15 and raspberry pi
What?? No, certificates are the preferred method. It is not in the FAQ, because it is not frequently asked. It is not frequently asked because it is fully described in the help.
https://help.codesys.com/webapp/_cds_runtime_opc_ua_server;product=codesys;version=3.5.15.0
Last edit: i-campbell 2020-04-11
Thanks, i-campbell.
I've already tried the procedures i-campbell's link and worked well.
But I think it is application authentication, not a user authentication. The reason is that when I checked UserTokenPolicy of the OPC UA server with UaExpert, I found UserPassword and Anonymous but couldn't find "X509 certificate" in the PolicyId and TokenType(Codesys_usertokenpolicy.png).
So I couldn't connect with the certificate using UAExpert Authentication settings (Authentication_settings.png). The response message was "BadConfigurationError."
On the other hand, when I connected to another OPC Server (Takebishi DeviceXplorer), "X509 certificate" appeared in the "UserTokenPolicy." (DeviceXplorer_usertokenpolicy.png)
I'm not sure this is the guide for user authentication, but I also tried user authentication with a certificate based on the following link, but it did not work.
https://help.codesys.com/webapp/_cds_cmd_cyber_screen;product=codesys;version=3.5.15.0
Last edit: watarium 2020-04-12