Authentication to Ignition OPC UA Server

Ignition
21

Elaborating on this, every OPC UA client I've seen does basically the same "two step" connection:

  1. Connect, call GetEndpoints, disconnect.
  2. Connect to one of the endpoints returned by 1, create a Session, activate Session, do stuff with Session.

The "endpoints" returned by the GetEndpoints service are an EndpointDescription structure containing things like the endpoint URL, security configuration, the server certificate, available authentication methods, etc...

Assuming one of the endpoints matches your criteria, you select one and then connect to it with the intention of creating and activating a Session to work with.

The boneheaded mistake many client developers make is that they ignore the endpoint URL returned in the EndpointDescription selected after step 1, assume it's the same URL they used in step 1, and then carry on with step 2 using the wrong endpoint URL.

In many cases it's the same, but it's not required to be, and it's not the same in the configuration Ignition uses by default where unsecured discovery services run at a separate endpoint.

22

Thanks for the additional details Kevin!
I'm writing this unreal engine wrapper around a library and I definitely want to approach this the correct way. It's a bit hairy for sure. I've been digging through this library source trying to find anything on how to store a server cert (as I'm literally going to have it in the module file system) and also properly pass the client cert direclty to ignition from the client config ... but this is kicking my rear pretty hard :wink: In addition unreal has its own way of dealing with c++ as it isn't std and uses a ton of helper libraries and engine macros.