OPC-UA Authentication without Username/Password

I am trying to have different persons log into the OPC-UA servers of many individual AXC F 2152. However it is not feasible to have these persons all know the delivery password of each device or to set all devices to the same exact password (kinda defeats the purpose of a password).
Certificates seem like a good choice for authentication, as a known-good source could distribute or even revoke them.
However it seems I cannot authenticate to the OPC-UA server without a username and password. If I look into the endpoint info, all endpoints have their UserTokenPolicy set to UserName. And if I try certificate authentication anyway, even with a certificate known to the PLC, I cannot connect.
Am I doing something wrong? Is there another solution I don’t see?

No, you’re not doing anything wrong.
The OPC UA server in PLCnext Control devices currently only supports the two login options (1) anonymous and (2) username/password. Login using certificates is on the development roadmap, but we currently don’t know if/when that feature will appear.
It’s possible to set up individual users with roles that will allow them to access the OPC UA server, according to the "Applications and Services" table on this page:

Security - User Authentication

If user authentication is enabled, authentication with a user name and password is required for access to certain components of the controller and certain functions in PLCnext Engineer. For example, a new user with the role "DataChanger" is able to connect to the OPC UA server and read and write variables.
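As an added illustration (not code from the original thread or from PLCnext), the snippet below models how an OPC UA client matches its own credentials against the UserTokenPolicy list each endpoint advertises, which is exactly where a certificate-only client fails against a server that offers UserName only. It uses only the standard library; the enum values are the ones defined in OPC UA Part 4, and the endpoint data at the bottom is constructed to mirror the situation in the question.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Tuple

class UserTokenType(IntEnum):  # values as defined in OPC UA Part 4
    Anonymous = 0
    UserName = 1
    Certificate = 2
    IssuedToken = 3
POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"

@dataclass
class UserTokenPolicy:
    policy_id: str
    token_type: UserTokenType
    security_policy_uri: Optional[str] = None  # empty: inherit the secure channel's policy
@dataclass
class EndpointDescription:
    endpoint_url: str
    security_policy_uri: str                   # policy of the secure channel itself
    user_identity_tokens: List[UserTokenPolicy]

def select_identity_policy(ep: EndpointDescription, have_certificate: bool,
                           have_credentials: bool) -> Tuple[Optional[UserTokenPolicy], List[str]]:
    """Return the first advertised policy the client can satisfy (preferring a certificate,
    then username/password, then anonymous) plus warnings; (None, ...) if nothing matches."""
    usable = {UserTokenType.Certificate: have_certificate,
              UserTokenType.UserName: have_credentials,
              UserTokenType.Anonymous: True}
    warnings: List[str] = []
    offered = {p.token_type: p for p in ep.user_identity_tokens}
    for wanted, available in usable.items():   # dict keeps preference order
        policy = offered.get(wanted)
        if policy is None or not available:
            continue
        # The password is encrypted under the token policy's URI, or the channel's if that
        # is empty; #None on both means the password crosses the wire in clear text.
        effective = policy.security_policy_uri or ep.security_policy_uri
        if wanted is UserTokenType.UserName and effective == ep.security_policy_uri == POLICY_NONE:
            warnings.append(f"{ep.endpoint_url}: password would be sent unencrypted")
        return policy, warnings
    warnings.append(f"{ep.endpoint_url}: no UserTokenPolicy matches the client's credentials")
    return None, warnings

# Constructed sample mirroring the question: every endpoint advertises UserName only
PLC_ENDPOINTS = [
    EndpointDescription("opc.tcp://plc.example:4840",
                        "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256",
                        [UserTokenPolicy("username_basic256sha256", UserTokenType.UserName)]),
    EndpointDescription("opc.tcp://plc.example:4840", POLICY_NONE,
                        [UserTokenPolicy("username_none", UserTokenType.UserName)]),
]
```

Running `select_identity_policy(PLC_ENDPOINTS[0], have_certificate=True, have_credentials=False)` returns no policy, which is the failure seen in the question; with a username and password it succeeds, and on the unsecured endpoint it additionally warns that the password would travel in clear.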