thank you
https://issues.apache.org/jira/browse/QPID-8648

On Fri, May 19, 2023 at 4:04 AM Robbie Gemmell <robbie.gemm...@gmail.com>
wrote:

> The SASL process occurs first, before the Open frame. The Open frames
> are what carries each peer's advertised max frame size, mainly aimed at
> later message deliveries. The AMQP 1.0 spec defines before this
> however that the SASL frames can be at most the 'min max frame size',
> which is fixed at 512 bytes, with no way to negotiate anything larger.
>
> As you can probably tell, that presents a problem if things in the
> SASL negotiation want to be larger, such as is likely in e.g. a newer
> XOAUTH2 mechanism that didn't exist when that decision was originally
> made.
>
> To simply allow some of these newer alternative mechs to work, it was
> decided to just allow things to exceed the 512-byte limit since both
> sides would have to already agree on using a given mech to begin with,
> so doing an alternative like creating a custom multi-challenge
> batching sequence to shuffle the bytes wasn't really going to be adding
> much except significant complexity.
>
> It appears broker-j allows up to 4096, and you have now found
> something to exceed even that. It doesn't look like it allows
> configuring it, but increasing that seems to be the only option that
> would help here.
>
> On Thu, 18 May 2023 at 22:14, Dan Langford <danlangf...@gmail.com> wrote:
> >
> > We are exploring the use of OAuth2 with Qpid BrokerJ. We use Okta but it's
> > all OpenID and the Keycloak provider seems like it might work for us. We
> > are referencing this Confluence article about how to configure the Qpid
> > JMS client to update the token as it expires
> >
> > https://cwiki.apache.org/confluence/display/qpid/XOAUTH2+SASL+Mechanism+and+token+expiration
> >
> > OAuth JWT tokens can be BIG!!!
> >
> > here is the error
> >
> > 2023-05-18T20:29:10,377Z WARN  [IO-/172.22.0.1:59090]
> > (o.a.q.s.p.v.f.FrameHandler) - Unexpected exception handling frame
> > org.apache.qpid.server.util.ConnectionScopedRuntimeException:
> > Connection is closed before being fully established: specified frame
> > size 5007 larger than maximum frame header size 4096
> >     at org.apache.qpid.server.protocol.v1_0.AMQPConnection_1_0Impl.closeConnection(AMQPConnection_1_0Impl.java:1172)
> >     at org.apache.qpid.server.protocol.v1_0.AMQPConnection_1_0Impl.handleError(AMQPConnection_1_0Impl.java:785)
> >     at org.apache.qpid.server.protocol.v1_0.framing.FrameHandler.parse(FrameHandler.java:219)
> >     at org.apache.qpid.server.protocol.v1_0.AMQPConnection_1_0Impl.onReceive(AMQPConnection_1_0Impl.java:1309)
> >     at
> >
> >
> > As we are exploring this, the problem we are running into seems to be that
> > the SASL frames are too big. And when we configure the max frame size on
> > the connection string, that isn't configured until the Open frame is
> > received, but that all is after the SASL. I'm wondering if there is a way
> > to configure the max frame size of the SASL frames or if there is a way to
> > configure the default/initial max frame size of BrokerJ.
> >
> > https://github.com/apache/qpid-broker-j/blob/9.0.0/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java#L188
> >
> > Or did I misunderstand / misinterpret my error and should the SASL auth all
> > happen after the Open frame is sent? Thanks
>
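The size check behind the error in this thread, as an added example that is not part of the original messages or Broker-J's own code: it decodes the 8-byte AMQP 1.0 frame header and refuses an oversized frame from the header alone, before any body bytes are buffered. The sample header is constructed to match the 5007-byte size in the log, and the 8192 limit is a hypothetical raised value, not a real Broker-J setting.

```python
import struct

AMQP_MIN_MAX_FRAME_SIZE = 512     # fixed by AMQP 1.0; applies before Open
BROKER_J_PRE_OPEN_LIMIT = 4096    # value shown in the thread's error message
HYPOTHETICAL_RAISED_LIMIT = 8192  # assumption: not a real Broker-J setting
LIMITS = (AMQP_MIN_MAX_FRAME_SIZE, BROKER_J_PRE_OPEN_LIMIT,
          HYPOTHETICAL_RAISED_LIMIT)
FRAME_TYPE_SASL = 0x01
HEADER_LEN = 8


class FrameRejected(Exception):
    """Raised when a header must be refused before its body is buffered."""


def parse_frame_header(header: bytes) -> dict:
    """Decode SIZE (4 bytes), DOFF (1), TYPE (1) and 2 type-specific bytes."""
    if len(header) < HEADER_LEN:
        raise ValueError("need the full 8-byte frame header")
    size, doff, ftype, extra = struct.unpack(">IBBH", header[:HEADER_LEN])
    if doff < 2:
        raise FrameRejected(f"data offset {doff} points inside the header")
    if size < doff * 4:
        raise FrameRejected(f"frame size {size} smaller than data offset")
    return {"size": size, "doff": doff, "type": ftype, "extra": extra}


def check_pre_open_frame(header: bytes, limit: int) -> int:
    """Return how many more bytes to read, or refuse using the header alone."""
    frame = parse_frame_header(header)
    if frame["size"] > limit:
        raise FrameRejected(
            f"specified frame size {frame['size']} larger than limit {limit}")
    return frame["size"] - HEADER_LEN


def accepted_under(header: bytes, limits=LIMITS) -> dict:
    """Map each candidate limit to whether the frame would be accepted."""
    result = {}
    for limit in limits:
        try:
            check_pre_open_frame(header, limit)
            result[limit] = True
        except FrameRejected:
            result[limit] = False
    return result


# Constructed sample: a SASL frame header announcing 5007 bytes, as in the log.
SAMPLE_SASL_HEADER = struct.pack(">IBBH", 5007, 2, FRAME_TYPE_SASL, 0)
```

Because the decision needs only the first 8 bytes, the pre-Open limit also bounds how much a peer can make the broker buffer before authentication has completed.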