I cannot get Proton Python 0.14.0 to work with SASL SCRAM-SHA-1. The server is
set up properly – there are other clients connecting just fine, including one
application using the older python-qpid library, which have no issues using
this mech. Proton itself refuses to provide any real logging, unlike
python-qpid where enabling logging was trivial, so all I have from that side is:
[D 161012 17:31:41 reactor:545] connecting to
amqp://**:**@172.17.42.1:5672/INCOMING...
[E 161012 17:31:41 handlers:404] amqp:unauthorized-access: Authentication
failed [mech=(null)]
We’re using a MessagingHandler inside a Container with the following:
def on_start(self, event: Any) -> None:
conn = event.container.connect(self.url, sasl_enabled=True,
allowed_mechs='SCRAM-SHA-1')
event.container.create_receiver(conn)
On the server (Qpid C++ broker) I see the following log (info+,
trace+:Security, trace+:Protocol):
2016-10-12 17:31:41 [Network] info Set TCP_NODELAY on connection to
172.17.42.1:37772
2016-10-12 17:31:41 [Broker] info Using AMQP 1.0 (with SASL layer)
2016-10-12 17:31:41 [Security] debug External ssf=0 and auth=
2016-10-12 17:31:41 [Security] debug min_ssf: 0, max_ssf: 256, external_ssf: 0
2016-10-12 17:31:41 [Security] trace ACL ConnectionCounter new connection:
qpid.172.17.42.2:5672-172.17.42.1:37772
2016-10-12 17:31:41 [Security] info SASL: Mechanism list: SCRAM-SHA-1
2016-10-12 17:31:41 [Security] trace Completed encoding of frame of 33 bytes
2016-10-12 17:31:41 [Protocol] debug qpid.172.17.42.2:5672-172.17.42.1:37772
Sent SASL-MECHANISMS(SCRAM-SHA-1) 33
2016-10-12 17:31:41 [Protocol] debug qpid.172.17.42.2:5672-172.17.42.1:37772
writing protocol header: 1-0
2016-10-12 17:31:41 [Security] trace qpid.172.17.42.2:5672-172.17.42.1:37772
Sasl::encode(65536): 41
2016-10-12 17:31:41 [Security] info qpid.172.17.42.2:5672-172.17.42.1:37772
Connection closed prior to authentication completing
2016-10-12 17:31:41 [Security] info qpid.172.17.42.2:5672-172.17.42.1:37772
Connection closed prior to authentication completing
2016-10-12 17:31:41 [Security] trace ACL ConnectionCounter closed:
qpid.172.17.42.2:5672-172.17.42.1:37772, userId:
On the client side, the appropriate plugin exists:
Plugin "scram" [loaded], API version: 4
SASL mechanism: SCRAM-SHA-1, best SSF: 0
security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|MUTUAL_AUTH
features: PROXY_AUTHENTICATION|CHANNEL_BINDING
And just to be sure, after making sure the plugin was installed, I removed and
reinstalled Proton, which didn’t help.
This message and its attachments are the property of iJet Technologies, Inc.
and are intended solely for the use of the designated recipient(s) and their
appointed delegates. This email may contain information that is confidential.
If you are not the intended recipient, you are prohibited from printing,
copying, forwarding or saving any portion of the message or attachments. Please
delete the message and attachments and notify the sender immediately. Thank you
for your cooperation.
