Authentication

The TwinCAT OPC UA Client supports the use of different IdentityTokens to authenticate to an OPC UA Server.

The following screenshots were taken with the TwinCAT OPC UA I/O Client. All of the functions described are also supported when using the PLCOpen function blocks.

Anonymous

This type of authentication enables the TwinCAT OPC UA Client to establish a connection to the server application without specifying a user identity. Below you will find an example screenshot from the TwinCAT OPC UA I/O Client.

[Screenshot: Authentication 1]

Username/Password

This type of authentication uses a username/password combination to authenticate the TwinCAT OPC UA Client to the server application. Below you will find an example screenshot from the TwinCAT OPC UA I/O Client.

[Screenshot: Authentication 2]

User certificate

With this type of authentication, the TwinCAT OPC UA Client uses a certificate to authenticate itself to the server application. The handling of user certificates on the server side is identical to the use of certificates on the transport layer, i.e. the server must trust the (user) certificate before the client can successfully authenticate itself to the server with the certificate. Below you will find an example screenshot from the TwinCAT OPC UA I/O Client.

[Screenshot: Authentication 3]

Notice

Authentication and server certificate

When using the unencrypted endpoint in combination with authentication, the TwinCAT OPC UA Client still requires the public key from the OPC UA Server certificate in order to encrypt the password during transmission. To this end the certificate must be trusted in the TwinCAT OPC UA Client (see certificate exchange).
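
As an added example (not Beckhoff code), the following Python code audits OPC UA endpoint descriptions for the three token types above and for the password-encryption case in the notice. The endpoint record is constructed, the class and function names are hypothetical, and the rule that an empty token-policy SecurityPolicyUri inherits the endpoint's policy is taken from the OPC UA specification.

```python
from dataclasses import dataclass, field

POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"
POLICY_B256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"

@dataclass
class TokenPolicy:                      # hypothetical mirror of a UserTokenPolicy
    token_type: str                     # "Anonymous", "UserName" or "Certificate"
    security_policy_uri: str = ""       # empty: inherit the endpoint's policy

@dataclass
class Endpoint:                         # hypothetical mirror of an EndpointDescription
    url: str
    security_policy_uri: str
    server_certificate: bytes           # empty if the server returned none
    token_policies: list = field(default_factory=list)

def audit(ep):
    """Return (token_type, finding) pairs for every token policy of one endpoint."""
    findings = []
    for tp in ep.token_policies:
        # The token policy's own URI wins; otherwise the endpoint's policy applies.
        effective = tp.security_policy_uri or ep.security_policy_uri
        if tp.token_type == "Anonymous":
            note = "no user identity required"
        elif tp.token_type == "Certificate":
            note = "server must trust the user certificate"
        elif tp.token_type == "UserName":
            if effective == POLICY_NONE:
                note = "password sent in clear text"
            elif not ep.server_certificate:
                note = "no server certificate to encrypt password"
            else:
                note = "password encrypted with server public key"
        else:
            note = "token type not covered here"
        findings.append((tp.token_type, note))
    return findings

# Constructed sample: one unencrypted endpoint offering four token policies.
SAMPLE = Endpoint("opc.tcp://plc.example:4840", POLICY_NONE, b"<constructed DER>", [
    TokenPolicy("Anonymous"),
    TokenPolicy("UserName", POLICY_B256),   # the case described in the notice
    TokenPolicy("UserName"),                # inherits #None from the endpoint
    TokenPolicy("Certificate", POLICY_B256),
])

if __name__ == "__main__":
    for token_type, note in audit(SAMPLE):
        print(f"{SAMPLE.url}  {token_type:<11} {note}")
```

An endpoint that reports "password sent in clear text" or "no user identity required" is worth reviewing on the server side before clients are allowed to connect to it.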