I want to connect an OPC UA gateway to my cloud Cumulocity tenant. I have the OPC UA management service enabled in my tenant, but I am still not able to configure the OPC UA gateway. It is showing “403 access denied exception” even though I have all the access in my role. I am not able to figure out what the problem is. Kindly suggest how I can fix the issue.
We need more info.
What is the version of the gateway you are trying to start? How do you start it?
How and where is the 403 presented?
Which tenant are you trying to connect to?
Please add all relevant configuration files and logs.
I am using OPC Gateway 1015.0.278 and my tenant id is t668243014. Whenever I start the gateway application, after a successful start of the application it shows the com.cumulocity.sdk.client.SDKException: Http status code: 403 exception in the application console. I followed the link https://cumulocity.com/guides/protocol-integration/opcua/ for configuration. I am not able to attach any files to share the log file and config file. I have shared some logs below for your reference.
813 INFO 18332 --- [ main] c.c.o.c.g.c.HttpConnectionConfiguration : Gateway http connection configuration: HttpConnectionConfiguration(maxPerRoute=100, maxTotal=100, inactivityLeaseTimeout=50000)
2023-03-01 18:47:43.860 INFO 18332 --- [ scheduler-1] c.c.o.c.g.b.service.BootstrapService : Credentials is not available locally or bootstrap is forced, polling from server..
2023-03-01 18:47:43.898 INFO 18332 --- [ scheduler-2] c.c.o.c.g.m.HttpPostQueue : Queue buffer size: 0/25000
2023-03-01 18:47:43.898 INFO 18332 --- [ main] c.c.o.c.g.m.HttpPostQueue : Scheduled housekeeping job to ensure queue max size of the queue - every 10 seconds
2023-03-01 18:47:43.898 INFO 18332 --- [ main] c.c.o.c.g.m.HttpPostQueue : Scheduled queue flushing to run every 100 milliseconds
2023-03-01 18:47:44.199 INFO 18332 --- [ main] c.c.o.c.g.p.r.a.DataAggregateScheduler : Start scheduling data aggregate with fixed delay: 15 seconds
2023-03-01 18:47:44.759 INFO 18332 --- [ main] c.c.o.client.gateway.GatewayApplication : Started GatewayApplication in 7.85 seconds (JVM running for 9.278)
2023-03-01 18:47:44.774 INFO 18332 --- [ scheduler-7] c.c.o.c.g.v.ValueMapManagerService : No values are currently known. Skipping persisting value maps
2023-03-01 18:47:44.774 INFO 18332 --- [ scheduler-12] c.c.o.c.g.v.ValueMapManagerService : No credentials are available yet: Cannot clean away orphaned server value maps.
2023-03-01 18:47:47.454 ERROR 18332 --- [ scheduler-1] o.s.s.s.TaskUtils$LoggingErrorHandler : Unexpected error occurred in scheduled task
com.cumulocity.sdk.client.SDKException: Http status code: 403
{error="security/Forbidden",message="Access is denied",info="https://www.cumulocity.com/guides/reference/rest-implementation//#a-name-error-reporting-a-error-reporting",details="null"}
at com.cumulocity.sdk.client.ResponseParser.checkStatus(ResponseParser.java:75)
at com.cumulocity.sdk.client.ResponseParser.parse(ResponseParser.java:57)
at com.cumulocity.sdk.client.RestConnector.parseResponseWithoutId(RestConnector.java:364)
at com.cumulocity.sdk.client.RestConnector.post(RestConnector.java:270)
at com.cumulocity.sdk.client.devicecontrol.DeviceCredentialsApiImpl.pollCredentials(DeviceCredentialsApiImpl.java:46)
at com.cumulocity.opcua.client.gateway.bootstrap.service.BootstrapService.pollDeviceCredentials(BootstrapService.java:157)
at com.cumulocity.opcua.client.gateway.bootstrap.service.BootstrapService.lambda$scheduleDeviceCredentialsPoll$0(BootstrapService.java:144)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
It seems to me that you have registered the OPC UA Gateway but no credentials are stored locally. Maybe you changed some configuration or something went wrong.
2023-03-01 18:47:44.774 INFO 18332 --- [ scheduler-12] c.c.o.c.g.v.ValueMapManagerService : No credentials are available yet: Cannot clean away orphaned server value maps.
In the last case you have to register the OPC UA Gateway anew. Please remove the device gateway: OPC UA - Cumulocity IoT Guides
and also all locally created files.
Please look at your application-{yourProfile}.yaml
gateway:
  db:
    baseDir: ${user.home}/.opcua/data
Remove all files underneath the data folder.
I hope this helps. But be aware that after registration you have to reconnect and configure your OPC UA Server anew.
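The reply above reads the log as a gateway with no locally stored credentials. As an added example (not part of the thread and not Cumulocity code), this Python script parses log lines in the posted format and reports which SDK call returned the 403 and whether it was raised on the bootstrap path; the sample log is condensed from the excerpt above, and the function and field names are assumptions.

```python
import re

# Constructed sample: condensed from the log excerpt posted in this thread.
SAMPLE_LOG = """\
2023-03-01 18:47:43.860 INFO 18332 --- [ scheduler-1] c.c.o.c.g.b.service.BootstrapService : Credentials is not available locally or bootstrap is forced, polling from server..
2023-03-01 18:47:44.759 INFO 18332 --- [ main] c.c.o.client.gateway.GatewayApplication : Started GatewayApplication in 7.85 seconds (JVM running for 9.278)
2023-03-01 18:47:47.454 ERROR 18332 --- [ scheduler-1] o.s.s.s.TaskUtils$LoggingErrorHandler : Unexpected error occurred in scheduled task
com.cumulocity.sdk.client.SDKException: Http status code: 403
{error="security/Forbidden",message="Access is denied",details="null"}
at com.cumulocity.sdk.client.ResponseParser.checkStatus(ResponseParser.java:75)
at com.cumulocity.sdk.client.RestConnector.post(RestConnector.java:270)
at com.cumulocity.sdk.client.devicecontrol.DeviceCredentialsApiImpl.pollCredentials(DeviceCredentialsApiImpl.java:46)
at com.cumulocity.opcua.client.gateway.bootstrap.service.BootstrapService.pollDeviceCredentials(BootstrapService.java:157)
at java.base/java.lang.Thread.run(Thread.java:829)
"""

# Log entry header: timestamp, level, pid, ---, [thread], logger : message
ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} [\d:.]+ +(\w+) +\d+ -+ \[\s*([^\]]+)\] (\S+) +: (.*)$")
STATUS = re.compile(r"SDKException: Http status code: (\d{3})")
FRAME = re.compile(r"^\s*at (?:[\w.]+/)?([\w.$]+)\.([\w$<>]+)\(")
# Transport classes that appear in every SDK failure and say nothing about the API used.
GENERIC = ("com.cumulocity.sdk.client.ResponseParser", "com.cumulocity.sdk.client.RestConnector")

def triage(log_text):
    """Return one finding per SDKException found in the log text."""
    findings, thread, current, polling = [], None, None, False
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:  # a new log entry ends any stack trace in progress
            thread, current = entry.group(2).strip(), None
            polling = polling or "Credentials is not available locally" in entry.group(4)
            continue
        status = STATUS.search(line)
        if status:
            current = {"status": int(status.group(1)), "thread": thread,
                       "call": None, "bootstrap": False, "polling_seen": polling}
            findings.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current is not None:
            cls, method = frame.groups()
            # First non-transport Cumulocity frame names the API call that failed.
            if current["call"] is None and cls.startswith("com.cumulocity.") and cls not in GENERIC:
                current["call"] = cls.rsplit(".", 1)[1] + "." + method
            if cls.endswith(".BootstrapService"):
                current["bootstrap"] = True
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A finding with `bootstrap` and `polling_seen` both true means the 403 was returned while the gateway was still polling for device credentials, before it had any credentials of its own.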
I have done all the steps that you suggested but I am still getting the same error. I have attached the config file (without credentials) and log file for reference and shared some screenshots of the opcua-mgnt-service subscription and gateway registration. Kindly check and suggest how I can fix the issue.