OPC UA session 

Creation

The eUA server supports a limited number of concurrent sessions, depending on the controller type (see Device-specific OPC UA settings).

The server verifies the ClientCertificate for secure endpoints when creating a session. Make sure that the ApplicationUri specified in the ApplicationDescription matches the URI in the Subject Alternative Name of the client certificate. ApplicationUri checking is enabled by default but may be disabled through configuration (not recommended).

To disable ApplicationUri checking, refer to ApplicationURI check.
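
A pre-flight check for the ApplicationUri requirement above, as an added example that is not part of the original documentation: it reads the URI entries from a client certificate's Subject Alternative Name with the OpenSSL command line and compares them with the ApplicationUri the client is configured to send. The function names, the temporary files and the urn:example:... URIs are constructed for illustration, and an exact, case-sensitive string comparison is assumed.

```shell
#!/bin/sh
# Added example: compare a client certificate's SAN URI with the ApplicationUri.

# Print each URI entry of the certificate's Subject Alternative Name, one per line.
san_uris() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*URI:\(.*[^[:space:]]\)[[:space:]]*$/\1/p'
}

# Return 0 if app_uri is one of the SAN URIs, 1 on mismatch, 2 if the
# certificate has no SAN URI at all. Assumption: exact, case-sensitive match.
check_application_uri() {
    cert=$1
    app_uri=$2
    uris=$(san_uris "$cert")
    if [ -z "$uris" ]; then
        echo "FAIL: $cert has no URI entry in subjectAltName" >&2
        return 2
    fi
    if printf '%s\n' "$uris" | grep -Fxq -- "$app_uri"; then
        echo "OK: ApplicationUri matches SAN URI"
        return 0
    fi
    echo "FAIL: ApplicationUri '$app_uri' is not among SAN URIs: $uris" >&2
    return 1
}

# Constructed sample input: throwaway self-signed certificate with one SAN URI.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sample-opcua-client" \
        -addext "subjectAltName=URI:$2" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Demo with constructed values (hypothetical URIs, temporary files).
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/client.pem" "urn:example:plant1:opcua-client"
check_application_uri "$demo_dir/client.pem" "urn:example:plant1:opcua-client"
check_application_uri "$demo_dir/client.pem" "urn:example:plant1:other-client" || true
rm -rf "$demo_dir"
```

Running the check against the real client certificate before deployment catches a mismatch without having to disable ApplicationUri checking on the server.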

Session timeout

The session timeout is not fixed but negotiated between client and server. The eUA server negotiates session timeouts in the range between 10 seconds and 1 hour. After a timeout, the session is released.

Activation

The eUA server session activation service builds upon the PLCnext Technology user management. This means that active OPC UA sessions add to the overall session count. Activation is rejected if the maximum session count (32) is reached.

To protect against attacks on user identity tokens, user authentication will be disabled for an increasing amount of time if a wrong password has been presented more than once. A maximum penalty time of 30 minutes is applied after 5 attempts. For further information on authentication failures, refer to Authentication failure handling.

User authorization

The eUA server handles access to address space nodes through user roles provided by PLCnext Technology user management. 

For OPC UA client-related user roles, refer to User roles and their assigned access permissions in the various applications.

 


Published/reviewed: 2024-12-10, Revision 075