[ https://issues.apache.org/jira/browse/DISPATCH-1004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ernest Allen updated DISPATCH-1004:
-----------------------------------
    Issue Type: Bug  (was: Improvement)

> Enable support for connecting to http enabled listener configured with saslMechanisms other than ANONYMOUS
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-1004
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1004
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 1.1.0
>            Reporter: Ernest Allen
>            Priority: Major
>
> Authentication fails when connecting to an http enabled listener that has authenticatePeer: true with a router configured with sasl authentication.
>
> The log messages are:
>
> 2018-05-18 07:36:27.347973 -0400 SERVER (debug) [2] upgraded HTTP connection from 127.0.0.1 to AMQPWS (/home/eallen/workspace/qpid-dispatch/src/http-libwebsockets.c:402)
> 2018-05-18 07:36:27.348025 -0400 POLICY (trace) ALLOW Connection '127.0.0.1' based on global connection count. nConnections= 1 (/home/eallen/workspace/qpid-dispatch/src/policy.c:204)
> 2018-05-18 07:36:27.348041 -0400 SERVER (info) Accepted connection to 0.0.0.0:29315 from 127.0.0.1 (/home/eallen/workspace/qpid-dispatch/src/server.c:656)
> 2018-05-18 07:36:27.348400 -0400 SERVER (trace) [2]: <- EOS (/home/eallen/workspace/qpid-dispatch/src/server.c:103)
> 2018-05-18 07:36:27.348434 -0400 SERVER (info) Connection from 127.0.0.1 (to 0.0.0.0:29315) failed: amqp:connection:policy-error Client skipped authentication - forbidden (/home/eallen/workspace/qpid-dispatch/src/server.c:920)
> 2018-05-18 07:36:27.348447 -0400 SERVER (trace) [2]: -> EOS (/home/eallen/workspace/qpid-dispatch/src/server.c:103)
> 2018-05-18 07:36:27.348462 -0400 POLICY (debug) Connection '127.0.0.1' closed with resources n_sessions=0, n_senders=0, n_receivers=0. nConnections= 0. (/home/eallen/workspace/qpid-dispatch/src/policy.c:249)
>
> Note: To test this I did the following:
> * run the router's system tests
> * cd build/tests/system_test.dir/system_tests_sasl_plain/RouterTestPlainSasl/setUpClass
> * edit the X.conf file to include a listener with http: true on a new port and start a router using X.conf
> * attempt to connect to the new port using the latest console with t...@domain.com / password
> * view the X.log file to see the above error output
>
> Authentication succeeds when connecting to that same router using a listener that is not http enabled.
>
> To verify the sasl setup, using that same router, run the following command:
>
> qdstat -b 0.0.0.0:29215 -c --sasl-mechanisms=PLAIN --sasl-username=t...@domain.com --sasl-password=password
>
> The output is:
>
> Connections
>   id    host             container                             role    dir  security     authentication          tenant
>   =======================================================================================================================
>   6247  127.0.0.1:44554  5972a5a1-aa46-4b36-8932-8f090307f66a  normal  in   no-security  t...@domain.com(PLAIN)
>
> I verified that the rhea.js library used by the console is passing the username/password by running rhea's test "simple_sasl_client.js" under nodejs against the above router's non-http enabled port. The connection succeeds.
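
Added example, not part of the original message and not Qpid Dispatch code: a Python triage script that reads the router log entries quoted in the report (rejoined one per line) and lists failed connections, marking those whose listener accepted the peer after an HTTP to AMQPWS upgrade. The function and pattern names are hypothetical, and pairing the upgrade and accept entries by peer host is an assumption, since the accept entry carries no connection id.

```python
import re

# Log entries quoted in the report, rejoined one per line (wrapping removed).
SAMPLE_LOG = """\
2018-05-18 07:36:27.347973 -0400 SERVER (debug) [2] upgraded HTTP connection from 127.0.0.1 to AMQPWS (/home/eallen/workspace/qpid-dispatch/src/http-libwebsockets.c:402)
2018-05-18 07:36:27.348025 -0400 POLICY (trace) ALLOW Connection '127.0.0.1' based on global connection count. nConnections= 1 (/home/eallen/workspace/qpid-dispatch/src/policy.c:204)
2018-05-18 07:36:27.348041 -0400 SERVER (info) Accepted connection to 0.0.0.0:29315 from 127.0.0.1 (/home/eallen/workspace/qpid-dispatch/src/server.c:656)
2018-05-18 07:36:27.348400 -0400 SERVER (trace) [2]: <- EOS (/home/eallen/workspace/qpid-dispatch/src/server.c:103)
2018-05-18 07:36:27.348434 -0400 SERVER (info) Connection from 127.0.0.1 (to 0.0.0.0:29315) failed: amqp:connection:policy-error Client skipped authentication - forbidden (/home/eallen/workspace/qpid-dispatch/src/server.c:920)
"""

# timestamp (3 tokens), module, (level), message, optional trailing (source:line)
ENTRY = re.compile(r"^(\S+ \S+ \S+) (\w+) \((\w+)\) (.*?)(?: \((\S+:\d+)\))?$")
UPGRADE = re.compile(r"^\[(\d+)\] upgraded HTTP connection from (\S+) to AMQPWS$")
ACCEPT = re.compile(r"^Accepted connection to (\S+) from (\S+)$")
FAILED = re.compile(r"^Connection from (\S+) \(to (\S+)\) failed: (\S+) (.*)$")


def auth_failures(log_text):
    """Return failed connections, marking those that arrived over WebSocket."""
    upgraded_peers = set()   # peers seen in an HTTP -> AMQPWS upgrade
    ws_listeners = set()     # listener addresses that accepted such a peer
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # wrapped or foreign line; skip rather than guess
        when, _module, _level, msg, _src = entry.groups()
        if m := UPGRADE.match(msg):
            upgraded_peers.add(m.group(2))
        elif m := ACCEPT.match(msg):
            listener, peer = m.groups()
            # Assumption: the accept entry has no connection id, so pair by peer host.
            if peer in upgraded_peers:
                ws_listeners.add(listener)
                upgraded_peers.discard(peer)
        elif m := FAILED.match(msg):
            peer, listener, condition, description = m.groups()
            findings.append({
                "time": when, "peer": peer, "listener": listener,
                "condition": condition, "description": description,
                "websocket": listener in ws_listeners,
            })
    return findings

if __name__ == "__main__":
    for finding in auth_failures(SAMPLE_LOG):
        print(finding)
```

The script expects one log entry per line, so wrapped mail-archive copies of a log need to be rejoined before they are passed in.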