8 KeyCredential Management

8.4 Information Model for Pull Management

8.4.5 FinishRequest

FinishRequest is used to retrieve a KeyCredential.

If a Certificate was provided in the request then the KeyCredential secret is encrypted using an asymmetric encryption algorithm specified by the SecurityPolicyUri provided in the request.

The format of the signed and encrypted credentialSecret is the same as the Version 2 Token Secret Format defined in OPC 10000-4. When used for the credentialSecret, the signature is provided by the source of the KeyCredential which can be the GDS Application Instance Certificate. The serverNonce is a random number generated by the GDS.

If the return code is Bad_RequestNotComplete then the request has not been processed and the Client should call again. The recommended time between calls depends on the GDS.

This Method requires an encrypted channel and that the Client provides credentials with administrative rights for the application requesting the credentials.


FinishRequest (
[in]  NodeId     requestId,
[in]  Boolean    cancelRequest,
[out] String     credentialId,
[out] ByteString credentialSecret,
[out] NodeId[]   grantedRoles
);

| Argument | Description |
|---|---|
| requestId | The identifier returned from a previous call to StartRequest. |
| cancelRequest | If TRUE the request is cancelled and no KeyCredentials are returned. If FALSE the normal processing proceeds. |
| credentialId | The unique identifier for the KeyCredential. |
| credentialSecret | The secret associated with the KeyCredential. |
| certificateThumbprint | The thumbprint of the Certificate containing the key used to encrypt the secret. Not specified if the secret is not encrypted. |
| securityPolicyUri | The SecurityPolicy used to encrypt the secret. If not specified the secret is not encrypted. |
| grantedRoles | A list of Roles which have been granted to KeyCredential. If empty then the information is not relevant or not available. |

Method Result Codes (defined in Call Service)

| Result Code | Description |
|---|---|
| Bad_InvalidArgument | The requestId does not reference a valid request for the Application. |
| Bad_RequestNotComplete | The request has not been processed by the Server yet. |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_RequestNotAllowed | The KeyCredential manager rejected the request. The text associated with the error should indicate the exact reason. |
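
The client side of the behaviour described above, as an added example that is not part of the specification: it calls FinishRequest again while the result is Bad_RequestNotComplete, stops on any other error, and rejects a secret that comes back unencrypted or encrypted for a different Certificate when one was supplied in the request. `call_finish`, `FinishResult`, the "Good" status name, the retry limits, cancelling on timeout, and the hex SHA-1 thumbprint comparison are assumptions of this example.

```python
import hashlib
import time
from dataclasses import dataclass

@dataclass
class FinishResult:                  # hypothetical container for the Method outputs
    status: str                      # result code name, e.g. "Bad_RequestNotComplete"
    credential_id: str = ""
    credential_secret: bytes = b""
    certificate_thumbprint: str = ""
    security_policy_uri: str = ""

class CredentialError(Exception):
    pass

def pull_key_credential(call_finish, request_id, client_cert_der=None,
                        max_attempts=5, delay_s=1.0, sleep=time.sleep):
    """Poll FinishRequest, then check how the returned secret was protected.

    call_finish(request_id, cancel_request) -> FinishResult is a hypothetical
    wrapper for the Method call over an encrypted, authenticated channel.
    """
    for _ in range(max_attempts):
        res = call_finish(request_id, False)
        if res.status == "Bad_RequestNotComplete":
            sleep(delay_s)           # not processed yet: wait, then call again
            continue
        if res.status != "Good":
            # Bad_InvalidArgument, Bad_UserAccessDenied, Bad_RequestNotAllowed:
            # retrying cannot help, so surface the code to the operator.
            raise CredentialError(res.status)
        break
    else:
        call_finish(request_id, True)  # assumption: cancel when giving up
        raise CredentialError("GDS did not complete the request in time")

    encrypted = bool(res.security_policy_uri)
    if client_cert_der is not None:
        # A Certificate was sent with the request, so the secret must come
        # back encrypted, and encrypted for that Certificate's key.
        if not encrypted:
            raise CredentialError("secret returned without encryption")
        expected = hashlib.sha1(client_cert_der).hexdigest()  # assumed hex SHA-1
        if res.certificate_thumbprint.lower() != expected:
            raise CredentialError("secret encrypted for another Certificate")
    return res.credential_id, res.credential_secret, encrypted
```

When the returned flag is true, the caller still has to verify the signature and decrypt the secret according to the Version 2 Token Secret Format in OPC 10000-4, which this example does not implement.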

Table 49 specifies the AddressSpace representation for the FinishRequest Method.

Table 49 – FinishRequest Method AddressSpace Definition

| Attribute | Value |
|---|---|
| BrowseName | FinishRequest |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| HasProperty | Variable | InputArguments | Argument[] | PropertyType | Mandatory |
| HasProperty | Variable | OutputArguments | Argument[] | PropertyType | Mandatory |
