OPC UA Gateway connection access is denied


I want to connect an OPC UA gateway to my cloud Cumulocity tenant. I have OPC UA management service enabled in my tenant but still I am not able configure the OPC UA gateway. It is showing “403 access denied exception” even though I have all the access in my role. I am not able figure it out what is the problem. Kindly suggest how can I fix the issue.

We need more info.
What is the version of the gateway you are trying to start? How do you start it?
How and where is the 403 presented.
Which tenant are you trying to connect to?
Please add all relevant configuration files and logs.

Hi Robert,

I am using OPC Gateway 1015.0.278 and my tenant id is t668243014. Whenever I start the gateway application, after successful start of the application it shows the com.cumulocity.sdk.client.SDKException: Http status code: 403 exception in the application console. I followed the link https://cumulocity.com/guides/protocol-integration/opcua/ for configuration. I am not able attach any files in the attachment to share the log file and config file. I have shared some logs below for your reference.

813  INFO 18332 --- [           main] c.c.o.c.g.c.HttpConnectionConfiguration  : Gateway http connection configuration: HttpConnectionConfiguration(maxPerRoute=100, maxTotal=100, inactivityLeaseTimeout=50000)
2023-03-01 18:47:43.860  INFO 18332 --- [    scheduler-1] c.c.o.c.g.b.service.BootstrapService     : Credentials is not available locally or bootstrap is forced, polling from server..
2023-03-01 18:47:43.898  INFO 18332 --- [    scheduler-2] c.c.o.c.g.m.HttpPostQueue                : Queue buffer size: 0/25000
2023-03-01 18:47:43.898  INFO 18332 --- [           main] c.c.o.c.g.m.HttpPostQueue                : Scheduled housekeeping job to ensure queue max size of the queue - every 10 seconds
2023-03-01 18:47:43.898  INFO 18332 --- [           main] c.c.o.c.g.m.HttpPostQueue                : Scheduled queue flushing to run every 100 milliseconds
2023-03-01 18:47:44.199  INFO 18332 --- [           main] c.c.o.c.g.p.r.a.DataAggregateScheduler   : Start scheduling data aggregate with fixed delay: 15 seconds
2023-03-01 18:47:44.759  INFO 18332 --- [           main] c.c.o.client.gateway.GatewayApplication  : Started GatewayApplication in 7.85 seconds (JVM running for 9.278)
2023-03-01 18:47:44.774  INFO 18332 --- [    scheduler-7] c.c.o.c.g.v.ValueMapManagerService       : No values are currently known. Skipping persisting value maps
2023-03-01 18:47:44.774  INFO 18332 --- [   scheduler-12] c.c.o.c.g.v.ValueMapManagerService       : No credentials are available yet: Cannot clean away orphaned server value maps.
2023-03-01 18:47:47.454 ERROR 18332 --- [    scheduler-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task

com.cumulocity.sdk.client.SDKException: Http status code: 403
{error="security/Forbidden",message="Access is denied",info="https://www.cumulocity.com/guides/reference/rest-implementation//#a-name-error-reporting-a-error-reporting",details="null"}
        at com.cumulocity.sdk.client.ResponseParser.checkStatus(ResponseParser.java:75)
        at com.cumulocity.sdk.client.ResponseParser.parse(ResponseParser.java:57)
        at com.cumulocity.sdk.client.RestConnector.parseResponseWithoutId(RestConnector.java:364)
        at com.cumulocity.sdk.client.RestConnector.post(RestConnector.java:270)
        at com.cumulocity.sdk.client.devicecontrol.DeviceCredentialsApiImpl.pollCredentials(DeviceCredentialsApiImpl.java:46)
        at com.cumulocity.opcua.client.gateway.bootstrap.service.BootstrapService.pollDeviceCredentials(BootstrapService.java:157)
        at com.cumulocity.opcua.client.gateway.bootstrap.service.BootstrapService.lambda$scheduleDeviceCredentialsPoll$0(BootstrapService.java:144)
        at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)

It seems to me that you have registered the OPC UA Gateway but no credentials are stored localy. Maybe you changed some configuration or something went wrong.

2023-03-01 18:47:44.774 INFO 18332 — [ scheduler-12] c.c.o.c.g.v.ValueMapManagerService : No credentials are available yet: Cannot clean away orphaned server value maps.

In the last case you have to register the OPC UA Gateway new. Please remove the device gateway: OPC UA - Cumulocity IoT Guides

and also all local created files.

please look at your application-{yourProfile}.yaml

        baseDir: ${user.home}/.opcua/data


remove all file underneath data folder.

I hope this helps. But be aware, after registration you have to reconnect and configure new your OPC UA Server.

I think it would also be useful to see the contents of your conf yaml file that you start the gateway with.

Hi Alex,

I have done all the steps that you suggested but still I am getting the same error. I have attached the config file (with out credential) and log file for reference and shared some screenshot of opcua-mgnt-service subscription and gateway registration. Kindly check and suggest how I can fix the issue.

application-dev.txt (12.8 KB)
opc.log (11.6 KB)

Subscribed Opcupa-mgnt-service

In yuor conf file you have…

Credentials for the device bootstrap user


…no bootstrap credentials.

Try with…

tenantId: management
username: devicebootstrap
password: Fhdt1bb1f

1 Like

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.