Endpoints
The Anybus CompactCom implements the Endpoints listed in the table below.
Endpoint # | SecurityPolicy | Message security mode | Security level | UserIdentityTokens |
---|---|---|---|---|
1 | SecurityPolicyNone | None | 0 | Username_Basic256Sha256, Username_Aes128_Sha256_RsaOaep (Username_None) |
2 | SecurityPolicy [B] – Basic256Sha256 | Sign | 2 | Username_Null (Username_None) |
2 | SecurityPolicy [B] – Basic256Sha256 | SignAndEncrypt | 4 | Username_None |
3 | SecurityPolicy [A] – Aes128-Sha256-RsaOaep | Sign | 1 | Username_Null (Username_None) |
4 | SecurityPolicy [A] – Aes128-Sha256-RsaOaep | SignAndEncrypt | 3 | Username_None |
Endpoints with SecurityPolicyNone, and the UserIdentityToken “Username_None” on all endpoints, are disabled by default and can only be enabled by an administrator from the internal web pages or from the Network Configuration object (04h). By enabling the UserIdentityToken “Username_None” it is possible to connect to the CompactCom module without configuring any certificates and private keys.
Endpoints with SecurityPolicy other than None are disabled if no device certificate is installed for OPC UA. How to install device and CA certificates is described in Initial Setup and Account Configuration.
Endpoints implementing SecurityPolicy other than None and message security mode Sign offer the UserIdentityToken “Username_Null” for session authentication. A UserIdentityToken without any SecurityPolicy specified, used on a secure channel with a SecurityPolicy other than None, inherits the SecurityPolicy from the secure channel.
Endpoints implementing SecurityPolicy other than None and message security mode SignAndEncrypt offer the UserIdentityToken “Username_None” for session authentication. The secure channel encrypts all data, hence there is no need to also encrypt the authentication credentials.
Important
If the application is to pass the conformance test for OPC UA, the UserIdentityToken “Username_None” must be disabled (does not apply to endpoints with message security mode SignAndEncrypt) or some external security mechanism must be applied to encrypt the authentication credentials.
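The rules above can be checked mechanically when reviewing a device configuration. The following is an added example, not code from the product or its documentation: it classifies how the username credentials are protected for each endpoint and token pair and lists the combinations that send them unencrypted. The endpoint list is a constructed sample (the table rows with every optional setting enabled), and the function names are hypothetical.

```python
# Added example: classify credential protection per endpoint/token pair using
# the rules stated on this page. Token and policy names are those in the
# endpoint table; SAMPLE is constructed, not read from a device.

CLEARTEXT = "cleartext"

def credential_protection(policy, mode, token):
    """Return how the UserIdentityToken's credentials are protected."""
    if token == "Username_None":
        # The token itself is never encrypted: only a SignAndEncrypt
        # secure channel keeps the password confidential.
        return "channel encryption" if mode == "SignAndEncrypt" else CLEARTEXT
    if token == "Username_Null":
        # No SecurityPolicy on the token: it inherits the channel's policy.
        # Assumption: on a SecurityPolicyNone channel there is nothing to inherit.
        return CLEARTEXT if policy == "None" else "inherited " + policy
    # Username_<policy>: the token names its own SecurityPolicy.
    return "token policy " + token[len("Username_"):]

def audit(endpoints):
    """Return (policy, mode, token) tuples whose credentials are sent unencrypted."""
    findings = []
    for policy, mode, tokens in endpoints:
        for token in tokens:
            if credential_protection(policy, mode, token) == CLEARTEXT:
                findings.append((policy, mode, token))
    return findings

# Constructed sample: (SecurityPolicy, message security mode, offered tokens).
SAMPLE = [
    ("None", "None", ["Username_Basic256Sha256",
                      "Username_Aes128_Sha256_RsaOaep", "Username_None"]),
    ("Basic256Sha256", "Sign", ["Username_Null", "Username_None"]),
    ("Basic256Sha256", "SignAndEncrypt", ["Username_None"]),
    ("Aes128-Sha256-RsaOaep", "Sign", ["Username_Null", "Username_None"]),
    ("Aes128-Sha256-RsaOaep", "SignAndEncrypt", ["Username_None"]),
]

if __name__ == "__main__":
    for policy, mode, token in audit(SAMPLE):
        print(f"{policy}/{mode}: {token} sends credentials unencrypted")
```

Each finding is a combination where “Username_None” would have to be disabled, or an external mechanism added, for the conformance requirement in the note above to hold.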