Hi Timothy,
I added PN_TRACE_FRM=true (not PN_TRACE_FROM) to the C# client and see this
output:
-> SASL:[1488863629:0] AMQP,3,1,0,0
<- SASL:[1488863629:0] AMQP,3,1,0,0
<- SASL:[1488863629:0] SaslMechanisms{mechanisms=PLAIN,ANONYMOUS}
-> SASL:[1488863629:0] SaslInit{mechanismPLAIN,
initialResponse="%00admin%00admin", hostname=localhost}
<- SASL:[1488863629:0] Ok
It looks like the C# client successfully uses PLAIN?
I then added PN_TRACE_FRM=true to the C++ client, and now I see this output:
[0x1edc0b0]: SASL:FRAME: -> SASL
[0x1edc0b0]: SASL:FRAME: <- SASL
[0x1edc0b0]: AMQP:FRAME:0 <- @sasl-mechanisms(64)
[sasl-server-mechanisms=@<symbol>[:PLAIN, :ANONYMOUS]]
[0x1edc0b0]: IO:FRAME: -> EOS
amqp:unauthorized-access: SASL(-4): no mechanism available: No worthy mechs
found (Authentication failed [mech=none])
It looks like "PLAIN" is in the "sasl-server-mechanisms", but then it still
says "no mechanism available". Does that mean the C++ client still doesn't have
PLAIN enabled?
Peter
-----Original Message-----
From: Timothy Bish <[email protected]>
Sent: Monday, May 5, 2025 6:08 PM
To: [email protected]
Subject: EXTERNAL: Re: EXTERNAL: Re: Username/password authentication example
from C++ docs doesn't work?
When running the Qpid proton-dotnet client you can define the
PN_TRACE_FROM=true environment variable to have the AMQP frames printed to the
console, my guess would be PLAIN is being used since you set a password and the
broker offers that by default.
On Mon, May 5, 2025 at 5:21 PM [email protected]
<[email protected]> wrote:
>
> Hi Ted,
>
> > Try setting the sasl_allowed_mechs in your connection options. Try using
> > "PLAIN".
>
> I added this line to on_container_start:
>
> co.sasl_allowed_mechs("PLAIN");
>
> And now I get a different error:
>
> amqp:unauthorized-access: SASL(-4): no mechanism available: No worthy
> mechs found (Authentication failed [mech=none])
>
> Any idea why it's ignoring the PLAIN mechanism? I also tried adding these:
>
> co.sasl_enabled(true);
> co.sasl_allow_insecure_mechs(true);
>
> But this made no difference (same error).
>
> > Whatever you use must match what is supported on the broker-side.
>
> I believe the broker supports PLAIN, since the C# client library
> authenticated fine.
>
> Peter
>
> -----Original Message-----
> From: Ted Ross <[email protected]>
> Sent: Monday, May 5, 2025 4:48 PM
> To: [email protected]
> Subject: EXTERNAL: Re: Username/password authentication example from C++ docs
> doesn't work?
>
> Try setting the sasl_allowed_mechs in your connection options. I believe it
> is defaulting to ANONYMOUS, which does not use the user/password values. Try
> using "PLAIN". Whatever you use must match what is supported on the
> broker-side.
>
> -Ted
>
> On Mon, May 5, 2025 at 3:37 PM [email protected] <
> [email protected]> wrote:
>
> > Hi, I'm using version 0.37.0 of the C++ library
> > (qpid-proton-cpp-0.37.0) and can't figure out how to authenticate
> > with a username/password. My test
> > setup:
> >
> > For the broker, I run ActiveMQ Classic using this command: podman
> > run -it --rm --net=host --env ACTIVEMQ_CONNECTION_USER=admin --env
> > ACTIVEMQ_CONNECTION_PASSWORD=admin docker.io/apache/activemq-classic
> >
> > For the C++ client, I run the code from the "simple_send.cpp"
> > example at
> > https://qpid.apache.org/releases/qpid-proton-0.37.0/proton/cpp/api/s
> > im ple_send_8cpp-example.html, which I simplified to hardcode the
> > username/password to admin/admin:
> >
> > #include <proton/connection.hpp>
> > #include <proton/connection_options.hpp> #include
> > <proton/container.hpp> #include <proton/message.hpp> #include
> > <proton/message_id.hpp> #include <proton/messaging_handler.hpp>
> > #include <proton/reconnect_options.hpp> #include
> > <proton/tracker.hpp> #include <proton/types.hpp>
> >
> > #include <iostream>
> > #include <map>
> >
> >
> > class simple_send : public proton::messaging_handler {
> > private:
> > std::string url;
> > std::string user;
> > std::string password;
> > bool reconnect;
> > proton::sender sender;
> > int sent;
> > int confirmed;
> > int total;
> >
> > public:
> > simple_send(const std::string &s, const std::string &u, const
> > std::string &p, bool r, int c) :
> > url(s), user(u), password(p), reconnect(r), sent(0),
> > confirmed(0),
> > total(c) {}
> >
> > void on_container_start(proton::container &c) override {
> > proton::connection_options co;
> > if (!user.empty()) co.user(user);
> > if (!password.empty()) co.password(password);
> > if (reconnect) co.reconnect(proton::reconnect_options());
> > sender = c.open_sender(url, co);
> > }
> >
> > void on_connection_open(proton::connection& c) override {
> > if (c.reconnected()) {
> > sent = confirmed; // Re-send unconfirmed messages after a
> > reconnect
> > }
> > }
> >
> > void on_sendable(proton::sender &s) override {
> > while (s.credit() && sent < total) {
> > proton::message msg;
> > std::map<std::string, int> m;
> > m["sequence"] = sent + 1;
> >
> > msg.id(sent + 1);
> > msg.body(m);
> >
> > s.send(msg);
> > sent++;
> > }
> > }
> >
> > void on_tracker_accept(proton::tracker &t) override {
> > confirmed++;
> >
> > if (confirmed == total) {
> > std::cout << "all messages confirmed" << std::endl;
> > t.connection().close();
> > }
> > }
> >
> > void on_transport_close(proton::transport &) override {
> > sent = confirmed;
> > }
> > };
> >
> > int main(int argc, char **argv) {
> > std::string address = "127.0.0.1:5672/examples";
> > std::string user = "admin";
> > std::string password = "admin";
> > bool reconnect = false;
> > int message_count = 100;
> >
> > try {
> > simple_send send(address, user, password, reconnect,
> > message_count);
> > proton::container(send).run();
> >
> > return 0;
> > } catch (const std::exception& e) {
> > std::cerr << e.what() << std::endl;
> > }
> >
> > return 1;
> > }
> >
> > When run, the C++ client crashes with this error:
> >
> > amqp:unauthorized-access: Authentication failed [mech=ANONYMOUS]
> >
> > The error message suggests (?) that the username/password I specify
> > are not being used, since it says "mech=ANONYMOUS". Can anyone see
> > an obvious mistake in my C++ code? Am I not setting the username/password
> > correctly?
> > Is this a known bug in version 0.37.0?
> >
> > In contrast, I can successfully authenticate to the broker using the
> > C# library example at
> > https://docs.redhat.com/en/documentation/red_hat_build_of_apache_qpid_proton_dotnet/1.0/html-single/using_qpid_proton_dotnet/index.
> > In the C# example, if I specify the username/password as admin/admin
> > then message posting succeeds, and when I specify a wrong password
> > it fails with an authentication error.
> >
> >
--
--
Tim Bish
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional
commands, e-mail: [email protected]
