search

node-opcua / opcua-commander

a opcua client with blessed (ncurses)
MIT License
211 stars 46 forks source link

Cannot find ANONYMOUS user token policy in end point description #39

Closed guenhter closed 3 months ago

guenhter commented 1 year ago

Hi

when I run this OPC-UA sample server https://github.com/locka99/opcua/tree/master/samples/simple-server

Then then try to open the Commander on it, I get this error:

Cannot create session Error: Cannot find ANONYMOUS user token policy in end point description

As described in https://github.com/node-opcua/node-opcua/issues/693 I ran the get_endpoint gist, and here is the output of it:

securityMode        =  1
securityPolicy      =  http://opcfoundation.org/UA/SecurityPolicy#None
05:55:28.255Z :opcua_client_impl             :342   Warning: endpoint_must_exist is now deprecated, use endpointMustExist instead
 connecting to  opc.tcp://127.0.0.1:4855
    strategy {
  initialDelay: 2000,
  maxDelay: 10000,
  maxRetry: 10,
  randomisationFactor: 0
}
endpoint                           Application URI           Product URI                       Application Name      securityLevel  Security Mode   securityPolicyUri                                                 Type    certificate  discoveryUrls
---------------------------------  ------------------------  --------------------------------  --------------------  -------------  --------------  ----------------------------------------------------------------  ------  -----------  -------------------------
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  2              Sign            http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep  Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  12             SignAndEncrypt  http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep  Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  5              Sign            http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss   Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  15             SignAndEncrypt  http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss   Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  1              Sign            http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15          Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  11             SignAndEncrypt  http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15          Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  3              Sign            http://opcfoundation.org/UA/SecurityPolicy#Basic256               Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  13             SignAndEncrypt  http://opcfoundation.org/UA/SecurityPolicy#Basic256               Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  4              Sign            http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256         Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  14             SignAndEncrypt  http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256         Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/noaccess  urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  0              None            http://opcfoundation.org/UA/SecurityPolicy#None                   Server  ...          opc.tcp://127.0.0.1:4855/
opc.tcp://127.0.0.1:4855/          urn:OPC UA Sample Server  urn:OPC UA Sample Server Testkit  OPC UA Sample Server  0              None            http://opcfoundation.org/UA/SecurityPolicy#None                   Server  ...          opc.tcp://127.0.0.1:4855/

Identify Token for : Security Mode= Sign  Policy= http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= SignAndEncrypt  Policy= http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= Sign  Policy= http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= SignAndEncrypt  Policy= http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= Sign  Policy= http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
policyId         tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
---------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous        0          null             null               null
userpass_rsa_15  1          null             null               null
x509             2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= SignAndEncrypt  Policy= http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
policyId         tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
---------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous        0          null             null               null
userpass_rsa_15  1          null             null               null
x509             2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= Sign  Policy= http://opcfoundation.org/UA/SecurityPolicy#Basic256
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= SignAndEncrypt  Policy= http://opcfoundation.org/UA/SecurityPolicy#Basic256
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= Sign  Policy= http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= SignAndEncrypt  Policy= http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
policyId           tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-----------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous          0          null             null               null
userpass_rsa_oaep  1          null             null               null
x509               2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

Identify Token for : Security Mode= None  Policy= http://opcfoundation.org/UA/SecurityPolicy#None

Identify Token for : Security Mode= None  Policy= http://opcfoundation.org/UA/SecurityPolicy#None
policyId       tokenType  issuedTokenType  issuerEndpointUrl  securityPolicyUri
-------------  ---------  ---------------  -----------------  --------------------------------------------------------
anonymous      0          null             null               null
userpass_none  1          null             null               null
x509           2          null             null               http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15

success !!

Any idea why this happens?

Schloemicher commented 1 year ago

I got this error after I messed up providing a password via environment variables.

When no password is provided the anonymous policy is used -> which is unavailable on my server.

erossignon commented 1 year ago

You server has a opc.tcp://127.0.0.1:4855/noaccess anonymoys connection and I suspect that the server reject access.

marutimuthu commented 12 months ago

This error is due to anonymous login being disabled by default in Kepserver.

To allow anonymous login: Edit -> Properties -> OPC UA -> Allow Anonymous Login -> Yes

I was facing the same issue and it was resolved after anonymous login was enabled.