Hi, I have been successfully using the (experimental) SASL auth plugin feature with Dispatch Router 1.1.0. I had implemented an auth service and configured the router to use it for authenticating clients and authorizing requests to establish links.
I have now tried to use the same auth server with Dispatch Router 1.4.0 but was not able to successfully authorize a client opening two receiver links anymore. I have seen the changes made to the "authenticated-identity" property that the router expects with 1.4.0 and have modified my service accordingly. Authentication seems to work well but the router won't authorize the client's attempt to open the links anymore.

Here is the log of the router:

2018-10-18 08:54:45.505399 +0000 SERVER (info) enabling remote authentication service 10.56.84.13:45672
2018-10-18 08:54:45.505466 +0000 SERVER (info) [3]: Accepted connection to 0.0.0.0:5672 from 172.17.0.1:34016
2018-10-18 08:54:45.657490 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_CONNECTION_INIT
2018-10-18 08:54:45.657556 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_CONNECTION_LOCAL_OPEN
2018-10-18 08:54:45.657586 +0000 AUTHSERVICE (debug) Handling connection bound event for authentication service connection
2018-10-18 08:54:45.668285 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_CONNECTION_WAKE
2018-10-18 08:54:45.668367 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT
2018-10-18 08:54:45.674239 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT
2018-10-18 08:54:45.678036 +0000 AUTHSERVICE (debug) authentication against service complete; closing connection
2018-10-18 08:54:45.678095 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT
2018-10-18 08:54:45.678113 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_CONNECTION_LOCAL_CLOSE
2018-10-18 08:54:45.678128 +0000 AUTHSERVICE (info) authenticated as consumer@HONO
2018-10-18 08:54:45.678174 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT
2018-10-18 08:54:45.678186 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT_TAIL_CLOSED
2018-10-18 08:54:45.678194 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT_ERROR
2018-10-18 08:54:45.678202 +0000 AUTHSERVICE (debug) Ignoring event for authentication service connection: PN_TRANSPORT_HEAD_CLOSED
2018-10-18 08:54:45.678211 +0000 AUTHSERVICE (debug) disconnected from authentication service
2018-10-18 08:54:45.724158 +0000 POLICY (info) [3]: DENY AMQP Attach receiver link 'event/DEFAULT_TENANT' for user 'consumer@HONO', rhost '172.17.0.1', vhost 'hono' based on link source name
2018-10-18 08:54:45.724209 +0000 POLICY (info) [3]: DENY AMQP Attach receiver link 'telemetry/DEFAULT_TENANT' for user 'consumer@HONO', rhost '172.17.0.1', vhost 'hono' based on link source name
2018-10-18 08:54:45.768878 +0000 SERVER (info) [3]: Connection from 172.17.0.1:34016 (to 0.0.0.0:5672) failed: amqp:connection:framing-error connection aborted
2018-10-18 08:54:45.769075 +0000 POLICY (debug) Connection '172.17.0.1:34016' closed with resources n_sessions=1, n_senders=0, n_receivers=0. nConnections= 0.
And here is the router configuration file I am using:

[
  ["router", {
    "id": "Hono.Example.Router",
    "mode": "standalone",
    "workerThreads": 3
  }],
  ["authServicePlugin", {
    "name": "Hono Auth",
    "host": "10.56.84.13",
    "port": 45672
  }],
  ["listener", {
    "host": "0.0.0.0",
    "port": 5672,
    "authenticatePeer": true,
    "saslMechanisms": "PLAIN",
    "saslPlugin": "Hono Auth"
  }],
  ["policy", {
    "maxConnections": 1000,
    "enableVhostPolicy": true,
    "defaultVhost": "hono"
  }],
  ["vhost", {
    "hostname": "hono",
    "maxConnections": 500,
    "maxConnectionsPerUser": 20,
    "maxConnectionsPerHost": 10,
    "allowUnknownUser": true,
    "groups": {
      "$default": {
        "remoteHosts": "*"
      }
    }
  }],
  ["log", {
    "module": "DEFAULT",
    "enable": "debug+"
  }]
]

Have there been any additional changes to the format that the router expects the authorities being conveyed in the auth server's open frame's properties?

--
Mit freundlichen Grüßen / Best regards

Kai Hudalla
Chief Software Architect
Bosch Software Innovations GmbH
Ullsteinstr. 128
12109 Berlin
GERMANY
www.bosch-si.com

Registered Office: Berlin, Registration Court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr. Stefan Ferber, Michael Hahn
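
An added example, not part of the original post and not Qpid Dispatch code: a small Python triage script that pairs the router's AUTHSERVICE "authenticated as" lines with the POLICY DENY lines that follow, which separates an authentication failure from a link authorization failure like the one in the log above. The sample lines are copied from that log; the function names are hypothetical, and matching "sender" links with the same pattern is an assumption, since the post only shows receiver denials.

```python
import re
from collections import defaultdict

# Lines copied from the router log quoted in the post above.
SAMPLE_LOG = """\
2018-10-18 08:54:45.678128 +0000 AUTHSERVICE (info) authenticated as consumer@HONO
2018-10-18 08:54:45.724158 +0000 POLICY (info) [3]: DENY AMQP Attach receiver link 'event/DEFAULT_TENANT' for user 'consumer@HONO', rhost '172.17.0.1', vhost 'hono' based on link source name
2018-10-18 08:54:45.724209 +0000 POLICY (info) [3]: DENY AMQP Attach receiver link 'telemetry/DEFAULT_TENANT' for user 'consumer@HONO', rhost '172.17.0.1', vhost 'hono' based on link source name
2018-10-18 08:54:45.768878 +0000 SERVER (info) [3]: Connection from 172.17.0.1:34016 (to 0.0.0.0:5672) failed: amqp:connection:framing-error connection aborted
"""

AUTH_RE = re.compile(r"AUTHSERVICE \(info\) authenticated as (\S+)")
# Assumption: sender denials use the same layout as the receiver lines shown.
DENY_RE = re.compile(
    r"POLICY \(info\) \[(?P<conn>\d+)\]: DENY AMQP Attach (?P<role>sender|receiver) link "
    r"'(?P<link>[^']*)' for user '(?P<user>[^']*)', rhost '(?P<rhost>[^']*)', "
    r"vhost '(?P<vhost>[^']*)' based on (?P<reason>.+)$"
)

def denied_links(log_text):
    """Return one dict per POLICY DENY line (conn, role, link, user, rhost, vhost, reason)."""
    events = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line.rstrip())
        if m:
            events.append(m.groupdict())
    return events

def authenticated_but_denied(log_text):
    """Map each user the auth service accepted to the links that policy then refused."""
    authenticated = set(AUTH_RE.findall(log_text))
    denied = defaultdict(list)
    for ev in denied_links(log_text):
        if ev["user"] in authenticated:
            denied[ev["user"]].append((ev["role"], ev["link"], ev["reason"]))
    return dict(denied)

if __name__ == "__main__":
    for user, links in authenticated_but_denied(SAMPLE_LOG).items():
        for role, link, reason in links:
            print(f"{user}: {role} link {link!r} denied ({reason})")
```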