Hi, Indeed, it seems that SASL frames are handled before the _maxFrameSize value is adjusted.
Could you please create a JIRA for this issue? Kind regards, Daniil Kirilyuk On Thu, 18 May 2023 at 23:14, Dan Langford <danlangf...@gmail.com> wrote: > > we are exploring the use of Oauth2 with Qpid BrokerJ. We use okta but its > all openid and the keycloak provider seems like it might work for us. we > are referencing this confluence article about how to configure the qpid jms > client to update the token as it expires > > https://cwiki.apache.org/confluence/display/qpid/XOAUTH2+SASL+Mechanism+and+token+expiration > > oauth jwt tokens can be BIG!!! > > here is the error > > 2023-05-18T20:29:10,377Z WARN [IO-/172.22.0.1:59090] > (o.a.q.s.p.v.f.FrameHandler) - Unexpected exception handling frame > org.apache.qpid.server.util.ConnectionScopedRuntimeException: > Connection is closed before being fully established: specified frame > size 5007 larger than maximum frame header size 4096 > at > org.apache.qpid.server.protocol.v1_0.AMQPConnection_1_0Impl.closeConnection(AMQPConnection_1_0Impl.java:1172) > at > org.apache.qpid.server.protocol.v1_0.AMQPConnection_1_0Impl.handleError(AMQPConnection_1_0Impl.java:785) > at > org.apache.qpid.server.protocol.v1_0.framing.FrameHandler.parse(FrameHandler.java:219) > at > org.apache.qpid.server.protocol.v1_0.AMQPConnection_1_0Impl.onReceive(AMQPConnection_1_0Impl.java:1309) > at > > > as we are exploring this the problem we are running into seems to be that > the SASL frames are too big. and when we configure the max frame size on > the connection string that isnt configured until the Open frame is received > but that all is after the SASL. im wondering if there is a way to configure > the max frame size of the SASL frames or if there is a way to configure the > default/initial max frame size of BrokerJ. > > https://github.com/apache/qpid-broker-j/blob/9.0.0/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java#L188 > > or did i misunderstand / misinterpret my error and should the SASL auth all > happen after the Open frame is sent? thanks --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org