Ignition 8.3.3 seems to have changed the behavior for system.opcua.addConnection. The previous calls where ‘username” and “password" were supplied now results in Ignition attempting an anonymous connection to the OPC UA server. I see mention of OPC UA Authentication type changes in the 8.3.3 change notes, but no updates to the documentation for system.opcua.addConnection. Does this function still work with the authentication changes? Is there any updated documentation available for system.opcua.addConnection?
Hmm, that scripting function might need to get updated (and the docs) before this will work again. I'll open a ticket.
In the meantime you could use the OpenAPI endpoint instead. All of these old add or remove a connection or some other random thing scripting functions are destined for deprecation. Soon we'll have a scripting API for accessing the OpenAPI endpoints as well.
3 Likes
Makes sense. Thank you for the explanation. I was able to move that direction.
One aspect of the /data/api/v1/resources/ignition/opc-connection endpoint that tripped me up was the config.settings.security portion. I make OPC-UA connections to PLC’s that only allow authenticated with Signed/SignAndEncrypt options. But I was was setting certificateValidationEnabled to false. This combination did not work without setting the keyStoreAlias and keyStoreAliasPassword. Where are these settings meant to be derived from? I was able to borrow the encrypted blob from a working connection, but I don’t think this is the proper way to do it.
There's another endpoint that allows you to create secrets: http://localhost:8088/openapi#tag/encryption/paths/~1data~1api~1v1~1encryption~1encrypt/post
keyStoreAlias is just a regular String and should generally be "client" unless you've added additional OPC UA client certificates to the KeyStore and want to use a different one for that connection. keyStoreAliasPassword will be an encrypted secret for "password".
1 Like