Search code examples
c++serveropc-uaopcopen62541

Use Open62541 to connect a server failed, because of 'No suitable UserTokenPolicy found for the possible endpoints'


im new to opc but need to connect with a server. my colleague told me the server is no Security Policy and Certificate, just a username and password, he is not familiar with this too.

the result is : enter image description here

And i do connect with the server by UaExpert: enter image description here enter image description here

there is my code:

#include "open62541.h"
#include "ros/ros.h"
#include <iostream>

int main() {

    UA_Client *client = UA_Client_new();
    UA_ClientConfig *cc = UA_Client_getConfig(client);

    UA_ClientConfig_setDefault(cc);

    cc->securityMode = UA_MESSAGESECURITYMODE_NONE;

    const char* serverurl = "opc.tcp://server_ip";
    const char* username = "username";
    const char* password = "123";
    UA_StatusCode retval = UA_Client_connectUsername(client, serverurl, username, password);

    if(retval != UA_STATUSCODE_GOOD) {
        UA_Client_delete(client);
        return EXIT_FAILURE;
    }

    UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, "Connected!");

    UA_Client_disconnect(client);
    UA_Client_delete(client);
    return retval == UA_STATUSCODE_GOOD ? EXIT_SUCCESS : EXIT_FAILURE;
}

i cant find a solution, so i ask the question thanks


Solution

  • I observed the same issue on a blog post where, unlike my situation, the author had developed their own server. So he do some tests: On the server side, when allowing both anonymous and username/password authentication, clients using either method could successfully connect when the server endpoint was set to non-encrypted mode (having only 'None' as the security ). However, upon adding encrypted endpoints to the server configuration, it became impossible to authenticate via username and password over the unencrypted ('None') endpoint.

    his conclusion was: Upon configuring encryption security policies, the server adopts the strictest encryption method by default, leading to failed connections for clients attempting to use non-encrypted modes.

    Taking this information into account, I proceeded to attempt a connection using encryption.

      cc->securityPolicyUri = UA_STRING_ALLOC("http://opcfoundation.org/UA/SecurityPolicy#None");
      cc->securityMode = UA_MESSAGESECURITYMODE_NONE;
    

    then loading the client's generated certificate and private key, I succeeded in connecting to the server through username and password verification. This connection not only permitted access but also enabled modification of data on the server.

    the code is :

    bool open62541tool::connect()
    {
      UA_ByteString certificate = loadFile(cli.certs);
      UA_ByteString privateKey  = loadFile(cli.keys);
    
    
      UA_ClientConfig *cc = UA_Client_getConfig(this->client);
    
      cc->securityPolicyUri = UA_STRING_ALLOC("http://opcfoundation.org/UA/SecurityPolicy#None");
      cc->securityMode = UA_MESSAGESECURITYMODE_NONE;
      UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey,0,0,0,0);
      UA_SecurityPolicy_None(cc->securityPolicies, certificate, &cc->logger);
      UA_String_deleteMembers(&cc->clientDescription.applicationUri);
      cc->clientDescription.applicationUri = UA_STRING_ALLOC("urn:open62541.client.application");
    
    
      UA_StatusCode retval = UA_Client_connect_username(this->client, cli.endpointUrl, cli.username, cli.password);
      if(retval != UA_STATUSCODE_GOOD) {
          return EXIT_FAILURE;
      }
      UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_CLIENT, "#############!!!!##Connected################");
      UA_ByteString_clear(&certificate);
      UA_ByteString_clear(&privateKey);
    
      return true;
    }
    

    If there are any issues with my response, I hope everyone will contribute their insights.