39 result(s) for ActivateSession
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
Changing Users in OPC UA
OPC UA via the ActivateSession Service allows a Client to change the user that is involved with the Session. This Service can have security related ... existing activities switch to the new context. Furthermore, in multi-threaded environments, when an ActivateSession request is received by a Server, it should stop processing new Service calls until
-
OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
4.9.1 Overview
using it to create a Secure Channel or by providing a signature in ActivateSession (see OPC 10000-4). Endpoint identity mappings are based on the URL used to connect
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.5.4.1 Description
Client which type of user credentials shall be passed to the Server in the ActivateSession request (see 5.7.3). If the securityPolicyUri is None and none of the UserTokenPolicies requires encryption
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.6.1 Overview
different SecureChannel. The Client can do this by validating the new SecureChannel with the ActivateSession Service described in 5.7.3. If a Server acts as a Client to other Servers, which ... original Client's user identity to the underlying Server when it calls the ActivateSession Service. If impersonation is not an option then the Server shall map the original Client
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.6.2.1 Description
Servers shall verify that the same Certificates are used in the CreateSession and ActivateSession Services. Certificates are not provided and shall not be verified if the securityPolicyUri is None
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.2.1 Description
Session. The Client may associate a new SecureChannel with the Session by calling ActivateSession. For the N Sessions supported by a Server, the Server shall support N+1 SecureChannels ... Session created with this Service shall not be used until the Client calls the ActivateSession Service and proves possession of its ApplicationInstanceCertificate and any user identity token that it provided
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.2.2 Parameters
Client shall use this value to prove possession of its ApplicationInstanceCertificate in the ActivateSession request. This value may also be used to prove possession of the userIdentityToken it specified ... ActivateSession request. serverCertificate ApplicationInstance Certificate The ApplicationInstanceCertificate issued to the Server. A Server shall prove possession by using the private key to sign the Nonce provided by the Client
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.3.1 Description
used again. For that reason, the Server returns a new serverNonce each time the ActivateSession Service is called. When the ActivateSession Service is called for the first time then ... same as the one associated with the CreateSession request. Subsequent calls to ActivateSession may be associated with different SecureChannels. If this is the case then the Server shall verify that
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.3.2 Parameters
Parameters Table 17 defines the parameters for the Service. Table 17 - ActivateSession Service Parameters Name Type Description Request requestHeader RequestHeader Common request parameters. The type RequestHeader is defined ... this Service. This parameter only needs to be specified during the first call to ActivateSession during a single application Session. If it is null or empty the Server shall keep
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
6.1.6 Impersonating a User
Server it can change the user identity associated with the Session by calling the ActivateSession service. The steps involved in impersonating a user are shown in Figure 23. The access
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
Calculating Signatures used in CreateSession and ActivateSession
There are a number of Signatures which Client and Server applications may need to calculate when calling CreateSession and ActivateSession. The new Signature ... Application Certificate (ServerCertificate); The Client Application Certificate (ClientCertificate); The ServerNonce returned in CreateSession or ActivateSession; The ClientNonce passed in CreateSession; The ChannelThumbprint is a unique identifier for the SecureChannel computed
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
invoked. The CreateSession service shall generate AuditCreateSessionEventType events or sub-types of it. The ActivateSession service shall generate AuditActivateSessionEventType events or subtypes of it. When the ActivateSession Service is called
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
6.6.2.4.5.5 HotAndMirrored
Client will simply create a new SecureChannel on an alternate Server and then call ActivateSession; all Client activities (browsing, subscriptions, history reads, etc.) will then resume. Figure 32 illustrate
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
connection by creating a new SecureChannel and activating the Session with the Service ActivateSession. If the OpenSecureChannel fails, the Client should delay the retry for a configurable time. The ActivateSession ... MonitoredItems do not overflow. The Client shall only create a new Session if ActivateSession fails. TransferSubscriptions is used to transfer the Subscription to the new Session. If TransferSubscriptions fails
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
addition to basic types such as Strings. Note that the calls to CreateSession / ActivateSession are made before the Client can read the Server's current NamespaceArray. This means that only
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.14 EndpointDescription
Server will accept. The Client shall pass one of the UserIdentityTokens in the ActivateSession request. The UserTokenPolicy type is described in 7.41. transportProfileUri String The URI of the Transport Profile
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.2 Legacy Encrypted Token Secret Format
data. serverNonce Byte [*] The last ServerNonce returned by the Server in the CreateSession or ActivateSession response
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.3 EncryptedSecret Format
different SecurityPolicies. Nonce ByteString This is the last serverNonce returned in the CreateSession or ActivateSession Response when a UserIdentityToken is passed with the ActivateSession Request. If used outside ... ActivateSession call, the Nonce is created by the sender and its length shall be between 32 and 128 bytes inclusive. Secret ByteString The secret to protect. The password when used
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.4 RsaEncryptedSecret DataType
Nonce ByteString A Nonce. This is the last ServerNonce returned in the CreateSession or ActivateSession Response when proving a UserIdentityToken passed in the ActivateSession Request. In other contexts, this
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.5 EccEncryptedSecret DataType
Nonce ByteString A Nonce. This is the last ServerNonce returned in the CreateSession or ActivateSession Response when proving a UserIdentityToken passed in the ActivateSession Request. In other contexts, this
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.4 UserNameIdentityToken
encryptionAlgorithm is specified in the UserNameIdentityToken or IssuedIdentityToken provided by the Client in the ActivateSession call. The SecurityPolicy Other in the table refers to any SecurityPolicy other than None
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.5 X509IdentityTokens
This token shall always be accompanied by a Signature in the userTokenSignature parameter of ActivateSession if required by the SecurityPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy ... allow anonymous users, it should close the Session. Clients should renew the token with ActivateSession before the expiration time to avoid communication interruption or other operation failures. Table 190 defines
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.6 IssuedIdentityToken
allow anonymous users, it should close the Session. Clients should renew the token with ActivateSession before the expiration time to avoid communication interruption or other operation failures. Table 191 defines
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.41 UserTokenPolicy
encrypting or signing the UserIdentityToken when it is passed to the Server in the ActivateSession request. Clause 7.40 describes how this parameter is used. The security policy for the SecureChannel
-
OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
3.1.1 ClientUserId
obtained directly or indirectly from the UserIdentityToken passed by the Client in the ActivateSession Service call or from the authenticationToken in the requestHeader of a SessionlessInvoke Service call
-
OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
6.4.3 AuditEventType
requesting an action. The ClientUserId can be obtained from the UserIdentityToken passed in the ActivateSession call. If the UserIdentityToken is a UserNameIdentityToken then the ClientUserId shall be the UserName
-
OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
6.4.7 AuditSessionEventType
Session/" and the Service or cause that generates the Event (e.g. CreateSession, ActivateSession or CloseSession). The SessionId shall contain the SessionId of the session that the Service call
-
OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
authenticated user currently active (either from creating the session or from calling the ActivateSession Service) and the history of those names. Each time the active user changes, an entry shall
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
SecureChannel are required for the SecurityPolicy. Specifically, Channel-bound Signature calculations in CreateSession / ActivateSession; Chained symmetric key derivation when renewing SecureChannels. If FALSE or the parameter is not specified
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.2.6 Certificate Chains
whenever they pass a Certificate. This includes GetEndpoints, SecureChannel negotiation and during the CreateSession / ActivateSession handshake. All OPC UA applications shall accept partial or complete chains in any field that
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.5.2.3 Access Tokens
Access Token will expire and should request a new Access Token and call ActivateSession before the old Access Token expires. The JWT format allows the Authorization Service to insert
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
UserIdentityToken Encryption
ActivateSession allows a Client to provide an encrypted UserIdentityToken using a SecurityPolicy specified by a UserTokenPolicy supported by the current Endpoint. With ECC, encryption requires that the Client ... Server exchange EphemeralKeys and there is no mechanism in the current CreateSession / ActivateSession handshake to do this. For that reason, EphemeralKeys are returned in the AdditionalHeader field of the ResponseHeader
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
7.4.1 Overview
however, it only affects the algorithms used for signing the Nonces during the CreateSession / ActivateSession handshake. A SecurityPolicy of None indicates that the Nonces are not signed. The SecurityMode ... HTTPS transport and require application authentication shall check application Certificates during the CreateSession / ActivateSession handshake. HTTPS Certificates can be automatically generated; however, this will cause problems for Clients operating
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
tool. Connect For the connection management with the GDS the services OpenSecureChannel, CreateSession and ActivateSession are used to create a connection with MessageSecurityMode SignAndEncrypt and a user that
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
option (2). For the connection management with the CertificateManager the Services OpenSecureChannel, CreateSession and ActivateSession are used to create a connection with MessageSecurityMode SignAndEncrypt and an Anonymous user. The default
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
Possible credentials used to authenticate the CertificateManager are: CertificateManager ApplicationInstance Certificate; UserIdentityToken provided in ActivateSession. Update TrustList Workflow The steps involved in updating the Certificate are described in the Update
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.10.25 UserTokenSettingsDataType
encrypting or signing the UserIdentityToken when it is passed to the Server in the ActivateSession request. For X509 UserIdentityTokens this value shall specify the SecurityPolicy that matches the Certificates that
-
OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
5.2.3 UserConfigurationMask
NoDelete 0 The user cannot be deleted. Disabled 1 The user is disabled. For ActivateSession, a disabled user behaves like a user that does not exist. NoChangeByUser 2 The user ... ChangePassword is used to set a new password. The Method and the behaviour of ActivateSession are defined in 5.2.8. The MustChangePassword bit set is invalid if the NoChangeByUser
-
OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
5.2.8 ChangePassword Method
used to activate a Session is required to change the password, the Service ActivateSession shall return Good_PasswordChangeRequired and the activated Session shall have only the Role Anonymous. In this ... Session. After a successful call of ChangePassword, the Client is required to call ActivateSession with the user and the new password to apply the change and to get the Roles