Disable anonymous access to Ignition OPC UA server

Hello
When I enable Expose Tag Providers in the OPC UA server, anonymous access with no encryption is enabled by default.
How can I disable that and force only the signed encryption access method to be available?

Anonymous access is not enabled by default; you must have turned it on in the Configure > OPC-UA Server > Settings area.

The security policies are fixed and not configurable in 7.9. This has changed in 8.0.

Thanks Kevin, I was wrong; someone before me enabled it.
If an OPC UA client uses an unsigned certificate, where should I accept the client certificate for the first time in Ignition?

The OPC UA client and server in 7.9 accept all certificates.

This has also changed in 8.0 and there’s a config section to manage the certificates.

I set Allow Anonymous Access to False, reset the server, went to the Kepware OPC client, and set Security Policy to None.
But Ignition accepted the connection and exposed all tags even though I disabled anonymous access!!!
I think there is no security working in 7.9.

Did you restart the gateway? Did you configure Kepware to connect with a username/password or did it still connect anonymously?

If you enabled the Exposed Tags setting they are exposed to any client that connects; there is no access control.

I reset the gateway.
I configured Kepware to connect to Ignition as anonymous.
In Ignition 8, is there any security for exposed tags?

No, there are no changes to exposed tags in 8.0 right now.

What kind of access controls are you looking for? Allowing access to exposed tags based on roles or something finer grained?

In a pinch, you could use my Ethernet/IP Module to create arbitrary data structures to publish via OPC. A simulator device on steroids, so to speak. They would be exposed on the OPC side, even if you didn’t make tags out of them. You wouldn’t need to use the exposed tags setting at all, allowing you to restrict access.
