Server with Authentication (user/password) and Encryption

[MattiaCozziPLRM]

Hello everyone,

I'm trying to create a server with authentication (via user and psw).
I didn't find an example to do that (something like "server-minimal-auth.py", because for client already exists a "client-minimal-auth.py" example...).
The server is working if I set SecurityPolicy to "None", however the following error appears:
Error 'BadSecurityModeInsufficient' was returned during ActivateSession, press 'Ignore' to suppress the error and continue connecting.

I tried to set a SecurityPolicy Basic256Sha256 ("Sign" or "SignAndEncrypt"), but always obtain these messages (also if I change policy):
Used UserTokenType: UserName
Error 'BadTimeout' was returned during OpenSecureChannel
Connection status of server 'myServer' changed to 'Disconnected'.

My server code is this:

try:
    from opcua import ua, uamethod, Server
    from opcua.server.user_manager import UserManager
    from time import sleep
    import datetime
except ImportError as e:
    print(e)

users_db =  {
                'user1': 'psw1'
            }

def user_manager(isession, username, password):
    isession.user = UserManager.User
    return username in users_db and password == users_db[username]

if __name__ == "__main__":
   
    server = Server()

    endpoint = "opc.tcp://0.0.0.0:4841"
    server.set_endpoint(endpoint)

    servername = "myServer"
    server.set_server_name(servername)

    name = "OPC_myServer"
    addspace = server.register_namespace(name)
    node = server.get_objects_node()
    node1 = node.add_object(addspace, "myNode")
    object1 = node1.add_object(addspace, "object1")
    test = object1.add_variable(addspace, "test", "NA")
    serverTime = node1.add_variable(addspace, "serverTime", "NA")
    
    uri = "urn:opcua:python:server"
    server.set_application_uri(uri)
    
    server.load_certificate("cert.der")
    server.load_private_key("key.pem")
    server.set_security_policy([
                                    ua.SecurityPolicyType.NoSecurity
                                    # ua.SecurityPolicyType.Basic128Rsa15_Sign,
                                    # ua.SecurityPolicyType.Basic128Rsa15_SignAndEncrypt,
                                    # ua.SecurityPolicyType.Basic256_SignAndEncrypt
                                    # ua.SecurityPolicyType.Basic256Sha256_Sign
                                    # ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt
                                ])
    policyIDs = ["Username"]
    server.set_security_IDs(policyIDs)
    server.user_manager.set_user_manager(user_manager)

    ## start the server
    server.start()

    try:
        while True:
            Temperature = randint(10,50)
            Pressure = randint(200, 999)
            TIME = datetime.datetime.now()
            print(Temperature, Pressure, TIME)
            print("UP", TIME)
            Temp.set_value(Temperature)
            Press.set_value(Pressure)
            serverTime.set_value(TIME)
    except KeyboardInterrupt:
        server.stop()

Could someone help me?
Thank you in advance,

Mattia

[yori2]

I think there may be a problem with the certificate and key you generated. My old version of openssl cannot identify “- addext "subjectAltName = URI:urn:example.org: FreeOpcUa: python - opcua"“ this sentence. When I use OpenSSL 3.0.5 on Windows to generate the certificate and key, this sentence no longer returns an error and encryption authentication is successfully performed.