On Thu, 2018-10-18 at 14:43 +0100, Gordon Sim wrote:
> On 18/10/18 10:04, Hudalla Kai (INST/ECS4) wrote:
> > here is the router configuration file I am using:
> >
> > [
> > ["router", {
> > "id": "Hono.Example.Router",
> > "mode": "standalone",
> > "workerThreads": 3
> > }],
> >
> > ["authServicePlugin", {
> > "name": "Hono Auth",
> > "host": "10.56.84.13",
> > "port": 45672
> > }],
> >
> > ["listener", {
> > "host": "0.0.0.0",
> > "port": 5672,
> > "authenticatePeer": true,
> > "saslMechanisms": "PLAIN",
> > "saslPlugin": "Hono Auth"
> > }],
> >
> > ["policy", {
> > "maxConnections": 1000,
> > "enableVhostPolicy": true,
> > "defaultVhost": "hono"
> > }],
> >
> > ["vhost", {
> > "hostname": "hono",
> > "maxConnections": 500,
> > "maxConnectionsPerUser": 20,
> > "maxConnectionsPerHost": 10,
> > "allowUnknownUser": true,
> > "groups": {
> > "$default": {
> > "remoteHosts": "*"
> > }
> > }
> >
> >
> > ["log", {
> > "module": "DEFAULT",
> > "enable": "debug+"
> > }]
> > ]
> >
> > Have there been any additional changes to the format that the router expects
> > the
> > authorities being conveyed in the auth server's open frame's properties?
>
> No, none that I can see since 1.3.0. I ran 1.3.0 against a dummy auth
> service that returned the username directly against the
> authenticated-identity option, as the router expected pre-1.4.0 and I
> still get the link denied.
>
> If I add "sources": "*", targets: "*" to the $default group in the hono
> vhost policy, it works.
>
> Are you supplying the sources/targets from your auth service? Or relying
> only on the rules in the conf file?
>
I am supplying them from the auth service in the same format that worked in
1.1.0.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>
