This type is used to serialize the configuration for a UserTokenPolicy. It is defined in Table 116.
The UserTokenSettingsDataType in the is used to configure how to validate UserIdentityTokens.
If a CertificateGroup is specified, it refers to the TrustList used to verify credentials by either verifying that an X509IdentityToken is trusted or by using a Certificate in the TrustList to verify the Signature on an IssuedIdentityToken. The CertificateGroup is not specified for UserName or Anonymous TokenTypes.
The KeyCredentialName is only specified for IssuedIdentityTokens and refers to a KeyCredential needed to access network resources used to validate IssuedIdentityTokens.
Table 116 – UserTokenSettingsDataType Structure
| Name | Type | Description |
|---|---|---|
| UserTokenSettingsDataType | Structure | |
| TokenType | 0:UserTokenType | The type of UserIdentityToken |
| IssuedTokenType | 0:String | A URI identifying the type of IssuedIdentityToken (i.e. JWT). |
| IssuerEndpointUrl | 0:String | An optional string which depends on the Authorization Service. The meaning of this value depends on the IssuedTokenType. Further details for the different Token types are defined in OPC 10000-6. |
| SecurityPolicyUri | 0:String | The SecurityPolicy to use when encrypting or signing the UserIdentityToken when it is passed to the Server in the ActivateSession request. For X509 UserIdentityTokens this value shall specify the SecurityPolicy that matches the Certificates that the Server will accept. For other UserIdentityTokens this value shall specify the SecurityPolicy to use when the SecureChannel uses SecurityPolicy = None. |
| CertificateGroupName | 0:String | The name of the corresponding entry in the CertificateGroups list of the ApplicationConfiguration. It contains the TrustList used to verify an X509IdentityToken. Only specified if the TokenType is an X509IdentityToken. |
| AuthorizationServiceName | 0:String | The name of the corresponding entry in the AuthorizationServices list of the ApplicationConfiguration. This is the AuthorizationService which issues tokens accepted by the Server. Only specified if the TokenType is an IssuedIdentityToken. |
Its representation in the AddressSpace is defined in Table 117.
Table 117 – UserTokenSettingsDataType Definition
| Attribute | Value | | | | |
|---|---|---|---|---|---|
| BrowseName | 0:UserTokenSettingsDataType | | | | |
| IsAbstract | False | | | | |
| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
| Subtype of the 0:BaseConfigurationRecordDataType defined in 7.8.5.5. | | | | | |
| Conformance Units | | | | | |
| Server Endpoint Management | | | | | |
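
The field rules in Table 116 can be checked mechanically before a configuration is applied. The following is an added example, not part of the specification: `UserTokenSettings`, `lint`, the finding names and the sample entries are hypothetical, and reporting an empty or None SecurityPolicyUri is an assumption of this example rather than a rule stated in the table.

```python
from dataclasses import dataclass
from enum import IntEnum

class UserTokenType(IntEnum):  # values of the OPC UA UserTokenType enumeration
    ANONYMOUS = 0
    USERNAME = 1
    CERTIFICATE = 2   # X509IdentityToken
    ISSUEDTOKEN = 3   # IssuedIdentityToken

NONE_POLICY = "http://opcfoundation.org/UA/SecurityPolicy#None"

@dataclass
class UserTokenSettings:  # the Table 116 fields that the checks below use
    token_type: UserTokenType
    security_policy_uri: str = ""
    certificate_group_name: str = ""
    authorization_service_name: str = ""

def lint(s, certificate_groups, authorization_services):
    """Hypothetical helper: list the rule violations found in one record."""
    out = []
    if s.certificate_group_name:
        if s.token_type in (UserTokenType.ANONYMOUS, UserTokenType.USERNAME):
            out.append("cert-group-on-wrong-token-type")
        elif s.certificate_group_name not in certificate_groups:
            out.append("cert-group-unresolved")  # no TrustList to verify against
    if s.authorization_service_name:
        if s.token_type != UserTokenType.ISSUEDTOKEN:
            out.append("auth-service-on-wrong-token-type")
        elif s.authorization_service_name not in authorization_services:
            out.append("auth-service-unresolved")
    # Assumption of this example: an empty or None policy is reported, because
    # the token would then be unprotected on a SecurityPolicy = None channel.
    if (s.token_type != UserTokenType.ANONYMOUS
            and s.security_policy_uri in ("", NONE_POLICY)):
        out.append("token-unprotected-on-none-channel")
    return out

# Constructed sample configuration; group and service names are made up.
GROUPS, SERVICES = {"UserTokenGroup-A"}, {"PlantIdP"}
B256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
# (TokenType, SecurityPolicyUri, CertificateGroupName, AuthorizationServiceName)
SAMPLES = [
    UserTokenSettings(UserTokenType.CERTIFICATE, B256, "UserTokenGroup-A"),
    UserTokenSettings(UserTokenType.USERNAME, "", "UserTokenGroup-A"),
    UserTokenSettings(UserTokenType.ISSUEDTOKEN, B256, "", "OldIdP"),
]
for s in SAMPLES:
    print(s.token_type.name, lint(s, GROUPS, SERVICES))
```

A CertificateGroupName on an IssuedToken record is not reported, because the text above allows a TrustList Certificate to verify the Signature on an IssuedIdentityToken.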