Henry198 Henry198 - 1 month ago 11
Java Question

Authentication client-server in Eclipse Milo

Is-it possible in Eclipse Milo that a client connects to a server with this authentication parameters: "certificate + private key" ?
And also with parameters "Security Policy" and "Message Security Mode" ?

(as in UAExpert client : http://documentation.unified-automation.com/uaexpert/1.4.0/html/connect.html)

If yes, then how?

I have at my disposal:

  • one private key at ".perm" file format;

  • one certificate at ".der" file format;

  • one CA of the server at ".der" file format;

  • and the CA of the server with 4096-bit at ".der" file format;


yes, it's currently possible although it's not made "easy" like using a username/password is right now.

The client SDK exposes an interface called IdentityProvider which is delegated to while the client is connecting and is given the endpoint and server nonce. It returns a 2-tuple containing a UserIdentityToken and a SignatureData.

You would need to implement this interface for the X509IdentityToken case and return your certificate (in the X509IdentityToken) as well as proof that you have the key to it (in the SignatureData).

Once you have this IdentityProvider you would just tell the client to use it while you were configuring it by calling setIdentityProvider when building the OpcUaClientConfig object.

Since this is a bit burdensome and the point of an SDK is to relieve the user of burden I will make this a feature ticket for Milo as well. If you're not up to implementing it yourself I can get to it this week.