PLCnext API Documentation 25.0.2.69
Arp::System::Um::Services Namespace Reference

Namespace for services of the User Manager (UM)

Classes

class  ChannelInformation
 Describes an external channel at which the authentication of a user was requested.
 
class  IAuthorizationInfoService
 This service checks if a session has particular permissions for protected entity operations.
 
class  IPasswordAuthenticationService
 Create and close sessions at the UserManager.
 
class  ISessionService
 UserManager service to retrieve and set session properties like sessionId and extended session information.
 

Enumerations

enum class  AuthenticationError : int32 {
  None = 0, InvalidCredentials = 1, PenaltyDelayActive = 2, SessionLimitReached = 3,
  UserPasswordExpired = 4, TryAgainLater = 5
}
 Describes several error codes which can occur during an authentication request.
 
enum class  MessageSecurityMode : int32 { None = 0, Signed = 1, Encrypted = 2 }
 Describes the security measures which are applied to messages transported via a channel.
 

Functions

ARP_EXPORT std::ostream & operator<< (std::ostream &os, AuthenticationError value)
 
ARP_EXPORT std::istream & operator>> (std::istream &is, AuthenticationError &value)
 
ARP_EXPORT std::ostream & operator<< (std::ostream &os, MessageSecurityMode value)
 
ARP_EXPORT std::istream & operator>> (std::istream &is, MessageSecurityMode &value)
 
constexpr MessageSecurityMode operator| (MessageSecurityMode lhs, MessageSecurityMode rhs)
 
constexpr MessageSecurityMode operator& (MessageSecurityMode lhs, MessageSecurityMode rhs)
 
constexpr MessageSecurityMode operator|= (MessageSecurityMode &lhs, MessageSecurityMode rhs)
 
constexpr MessageSecurityMode operator&= (MessageSecurityMode &lhs, MessageSecurityMode rhs)
 
constexpr MessageSecurityMode operator~ (MessageSecurityMode arg)
 

Detailed Description

Namespace for services of the User Manager (UM)

Enumeration Type Documentation

◆ AuthenticationError

Describes several error codes which can occur during an authentication request.

Enumerator
None 

An authentication was successful, for example it created a new session.

InvalidCredentials 

An authentication failed because of wrong credentials (i.e. wrong password and / or username).

By intent it is not distinguished whether or not the authentication failed due to a wrong password or a wrong username. Such information would help an attacker to identify valid user names and then concentrate attacks on them.

Credentials can be 2-tuples from username and password as well as other items in the future.

PenaltyDelayActive 

An authentication operation was rejected before the credentials (i.e. username and password) have been checked due to former authentication failures.

Such rejections happen during a delay period after a former failed authentication to slow down brute force attacks.

SessionLimitReached 

The capacity within the device to create more sessions has been reached.

Please note that limits may be specific to particular groups of users. For example, there may be a pool of sessions which is reserved for administrative sessions. Then it may happen that authentications for "normal" users fail with this error even though the pool for administrative sessions still has free capacity.

UserPasswordExpired 

The currently set password for the user has expired and needs to be changed.

Roles assigned to users can require the User Manager to enforce more restrictive password settings, including a limited lifespan for passwords. Roles don't have to require password expiration. These settings can be managed by the administrator.

TryAgainLater 

The system is temporarily unable to answer authentication requests.

With this error the caller shall try again at a later point in time - no earlier than two seconds later. This error can happen if the system is still initializing itself during startup or reinitializing itself after a reconfiguration.
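The retry rules described for these error codes, written as an added example (not code from the PLCnext SDK). The enum is a local stand-in with the values listed on this page; `AuthenticateWithRetry`, `LoginResult` and the injected `attempt` and `sleep` callbacks are hypothetical names.

```cpp
#include <chrono>
#include <cstdint>
#include <functional>

// Local stand-in for Arp::System::Um::Services::AuthenticationError,
// values copied from this page so the example builds without the SDK.
enum class AuthenticationError : std::int32_t {
    None = 0, InvalidCredentials = 1, PenaltyDelayActive = 2,
    SessionLimitReached = 3, UserPasswordExpired = 4, TryAgainLater = 5
};

using Millis = std::chrono::milliseconds;

struct LoginResult {
    AuthenticationError error;  // last error returned by the service
    int attempts;               // number of authentication requests sent
    Millis waited;              // total time spent waiting between requests
};

// Hypothetical helper: `attempt` sends one authentication request, `sleep`
// waits (injected so the policy can be exercised without real delays).
LoginResult AuthenticateWithRetry(const std::function<AuthenticationError()>& attempt,
                                  const std::function<void(Millis)>& sleep,
                                  int maxAttempts = 5)
{
    const Millis minRetryDelay{2000};  // "no earlier than two seconds later"
    // With maxAttempts <= 0 nothing is sent and TryAgainLater is reported.
    LoginResult result{AuthenticationError::TryAgainLater, 0, Millis{0}};
    while (result.attempts < maxAttempts) {
        result.error = attempt();
        ++result.attempts;
        // Only TryAgainLater is retried automatically. Every other code goes
        // back to the caller: InvalidCredentials and UserPasswordExpired need
        // new input, PenaltyDelayActive needs the delay period to pass, and
        // SessionLimitReached needs a session to be closed first.
        if (result.error != AuthenticationError::TryAgainLater) {
            break;
        }
        if (result.attempts < maxAttempts) {
            sleep(minRetryDelay);
            result.waited += minRetryDelay;
        }
    }
    return result;
}
```

In production the `sleep` callback would wrap `std::this_thread::sleep_for`, and `attempt` would wrap the call that creates the session.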

◆ MessageSecurityMode

Describes the security measures which are applied to messages transported via a channel.

The names of the message security modes are similar to the names for values for MessageSecurityMode at OPC UA standard 1.03 part 4 (see section 7.14, table 134). But by intent the numeric values are not equal because internally flags should be used for faster processing.

Definition: MessageSecurityMode.hpp:26

See also
Arp.System.Um.Services.ChannelInformation, Arp.System.Um.Services.ChannelInformation.SecurityMode
Enumerator
None 

When the value is equal to zero then no message security is applied.

Signed 

With this flag set, messages are guaranteed to be intact (integrity-protected) and authentic. They originate from the authenticated sender.

Encrypted 

With this flag set, messages were transferred confidentially. Eavesdropping would not have been of use to an attacker.
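Because the flag values differ from the OPC UA numbering, a raw cast between the two silently mislabels channels. The added example below (not SDK code) shows the pitfall next to an explicit mapping and a flag test. The enum and operators are local stand-ins for the declarations on this page, the OPC UA values (Invalid = 0, None = 1, Sign = 2, SignAndEncrypt = 3) are those of the standard, and `FromOpcUa`, `RawCast`, `Satisfies` and `MayAcceptPassword` are hypothetical helpers.

```cpp
#include <cstdint>

// Local stand-in for Arp::System::Um::Services::MessageSecurityMode (flags).
enum class MessageSecurityMode : std::int32_t { None = 0, Signed = 1, Encrypted = 2 };

constexpr MessageSecurityMode operator|(MessageSecurityMode l, MessageSecurityMode r) {
    return static_cast<MessageSecurityMode>(static_cast<std::int32_t>(l) |
                                            static_cast<std::int32_t>(r));
}
constexpr MessageSecurityMode operator&(MessageSecurityMode l, MessageSecurityMode r) {
    return static_cast<MessageSecurityMode>(static_cast<std::int32_t>(l) &
                                            static_cast<std::int32_t>(r));
}

// OPC UA MessageSecurityMode: a plain enumeration, not a set of flags.
enum class OpcUaSecurityMode : std::int32_t { Invalid = 0, None = 1, Sign = 2, SignAndEncrypt = 3 };

// Explicit mapping (an assumption of this example, not an SDK function).
// Invalid and None both map to "no message security".
constexpr MessageSecurityMode FromOpcUa(OpcUaSecurityMode m) {
    return m == OpcUaSecurityMode::Sign
               ? MessageSecurityMode::Signed
               : m == OpcUaSecurityMode::SignAndEncrypt
                     ? (MessageSecurityMode::Signed | MessageSecurityMode::Encrypted)
                     : MessageSecurityMode::None;
}

// The mistake to avoid: reusing the OPC UA number as a flag value.
// OPC UA None (1) becomes Signed, and OPC UA Sign (2) becomes Encrypted.
constexpr MessageSecurityMode RawCast(OpcUaSecurityMode m) {
    return static_cast<MessageSecurityMode>(static_cast<std::int32_t>(m));
}

// True only if every flag in `required` is set in `actual`.
constexpr bool Satisfies(MessageSecurityMode actual, MessageSecurityMode required) {
    return (actual & required) == required;
}

// Hypothetical policy: accept a password only on a channel that is both
// signed and encrypted.
constexpr bool MayAcceptPassword(MessageSecurityMode channelMode) {
    return Satisfies(channelMode, MessageSecurityMode::Signed | MessageSecurityMode::Encrypted);
}

static_assert(!MayAcceptPassword(FromOpcUa(OpcUaSecurityMode::Sign)),
              "a signed-only channel must not satisfy the policy");
```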