Authentication

An OPC UA client can authenticate itself to the TwinCAT OPC UA Gateway using various logon methods. The following "IdentityTokens" are supported:

Delivery state

The IdentityToken "Anonymous" is enabled when the gateway is delivered. We recommend configuring a user or user group for access to the server after initial commissioning. For more information, see Recommended steps.

Anonymous

This type of authentication allows any OPC UA client to establish a connection to the gateway. It is not necessary to specify a user identity. We recommend disabling this authentication method after commissioning the gateway. This can be done via the configurator.

User name/Password

This authentication method uses a user name/password combination to authenticate the client on the OPC UA server of the gateway. The user or user group is created and managed in the operating system.

User certificate

This type of authentication uses a certificate to authenticate to the OPC UA server of the gateway. The handling of user certificates on the gateway side is identical to the use of certificates at the transport layer, i.e. the gateway must trust the (user) certificate before the client can successfully authenticate itself to the gateway with the certificate. A separate application directory ("pkiuser") for managing the user certificates is available in the gateway for this purpose.

Configuration

The individual authentication methods are usually enabled/disabled via the configurator.
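
One way to check, after commissioning, that the gateway no longer offers the "Anonymous" IdentityToken is to audit the user token policies its endpoints advertise. The following is an added example, not Beckhoff code; it goes slightly beyond the text by also flagging a user name/password token on an endpoint without any security policy. The dictionaries mirror the UserTokenPolicy fields of an OPC UA EndpointDescription; the URL, policy IDs and endpoint data are constructed.

```python
from enum import IntEnum

class UserTokenType(IntEnum):
    """UserTokenType values as defined in OPC UA Part 4."""
    ANONYMOUS = 0
    USERNAME = 1
    CERTIFICATE = 2
    ISSUED_TOKEN = 3

NONE_POLICY = "http://opcfoundation.org/UA/SecurityPolicy#None"

def audit_endpoint(endpoint):
    """Return (policy_id, finding) pairs for one endpoint description."""
    findings = []
    channel = endpoint["security_policy_uri"]
    for tok in endpoint["user_identity_tokens"]:
        ttype = UserTokenType(tok["token_type"])
        # An empty token policy URI means the token uses the endpoint's policy.
        token_policy = tok.get("security_policy_uri") or channel
        if ttype is UserTokenType.ANONYMOUS:
            findings.append((tok["policy_id"], "anonymous logon enabled"))
        elif (ttype is UserTokenType.USERNAME
              and token_policy == NONE_POLICY and channel == NONE_POLICY):
            findings.append((tok["policy_id"], "password sent unencrypted"))
    return findings

def audit_gateway(endpoints):
    """Map (URL, policy name) to findings; an empty dict means nothing flagged."""
    report = {}
    for ep in endpoints:
        found = audit_endpoint(ep)
        if found:
            key = (ep["url"], ep["security_policy_uri"].rsplit("#", 1)[-1])
            report[key] = found
    return report

# Constructed sample data (not captured from a real gateway).
B256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
URL = "opc.tcp://gateway.example:4840"
COMMISSIONING = [
    {"url": URL, "security_policy_uri": NONE_POLICY, "user_identity_tokens": [
        {"policy_id": "anon", "token_type": 0},
        {"policy_id": "user", "token_type": 1, "security_policy_uri": ""}]}]
HARDENED = [
    {"url": URL, "security_policy_uri": B256, "user_identity_tokens": [
        {"policy_id": "user", "token_type": 1, "security_policy_uri": ""},
        {"policy_id": "cert", "token_type": 2, "security_policy_uri": ""}]}]

if __name__ == "__main__":
    for name, eps in (("commissioning", COMMISSIONING), ("hardened", HARDENED)):
        print(name, audit_gateway(eps))
```

In practice the endpoint list would come from the GetEndpoints response of an OPC UA client library, converted into this dictionary shape.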
