On 18/10/18 10:04, Hudalla Kai (INST/ECS4) wrote:
here is the router configuration file I am using:[ ["router", { "id": "Hono.Example.Router", "mode": "standalone", "workerThreads": 3 }], ["authServicePlugin", { "name": "Hono Auth", "host": "10.56.84.13", "port": 45672 }], ["listener", { "host": "0.0.0.0", "port": 5672, "authenticatePeer": true, "saslMechanisms": "PLAIN", "saslPlugin": "Hono Auth" }], ["policy", { "maxConnections": 1000, "enableVhostPolicy": true, "defaultVhost": "hono" }], ["vhost", { "hostname": "hono", "maxConnections": 500, "maxConnectionsPerUser": 20, "maxConnectionsPerHost": 10, "allowUnknownUser": true, "groups": { "$default": { "remoteHosts": "*" } } }], ["log", { "module": "DEFAULT", "enable": "debug+" }] ] Have there been any additional changes to the format that the router expects the authorities being conveyed in the auth server's open frame's properties?
No, none that I can see since 1.3.0. I ran 1.3.0 against a dummy auth service that returned the username directly against the authenticated-identity option, as the router expected pre-1.4.0 and I still get the link denied.
If I add "sources": "*", targets: "*" to the $default group in the hono vhost policy, it works.
Are you supplying the sources/targets from your auth service? Or relying only on the rules in the conf file?
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
