Dynamic authenticator with external authentication service error

#1

Now the problem is when i reach the line that calls the external service
it is not executed or at least the external service is never called. To
eliminate the external service as an error source i assign instead a
default role to the caller e.g. "user". Unfortunately the role is never
returned.

Is the role "user" configured on the realm?

Could you try out this example please (works for me):

https://github.com/crossbario/crossbarexamples/tree/master/authentication/ticket/dynamic

···

From the crossbar logs i can determine that the branch in the code is
executed but the returned role never reaches my client.

Here is a snippet from my code:

>
# check if peer is external authentication service
if authid == "auth-service":
if token == "secret-token":
  return "auth-service"
# otherwise check the external authentication service
else:
  print('user authentication process')
  if token == 'secret':
  print('got token') # <--- logged on the console, so branch is executed
  return settings.CLIENT_DEFAULT_ROLE
>

--
You received this message because you are subscribed to the Google
Groups "Crossbar" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to crossbario+...@googlegroups.com
<mailto:crossbario+...@googlegroups.com>.
To post to this group, send email to cross...@googlegroups.com
<mailto:cross...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/crossbario/f81cee2a-dd32-4bde-8c4b-1cc824cee16a%40googlegroups.com
<https://groups.google.com/d/msgid/crossbario/f81cee2a-dd32-4bde-8c4b-1cc824cee16a%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.

0 Likes

#2

Hi Tobias,

yes the role ‘user’ is defined in the crossbar settings including a wildcard authorization allowing all calls and registrations. I tried using a different name for the role but still the same result.

I already tried the official examples. Unfortunately it does not run by default (import error for method pprint_json()). When i remove the call of the method the authenticator works. Still get an error

#line 62: ticket = details[‘ticket’]
TypeError: string indices must be integers

``

Investigation shows that details already is the ticket string. When changing it to ticket = details it works fine.

Apart from those the examples runs fine, authentication works as expected.

I’m using python 3.5.0 and the latest packages from pip: crossbar 0.11.2, autobahn 0.11.0. I have tried to use the git version of crossbar but it does not install due to a compilation error.

cheers mo

0 Likes

#3

I also tried anonymous authentication (enabled in crossbar config). Here a snippet from my code:

config:

“auth”: {

“ticket”: {

“type”: “dynamic”,

“authenticator”: “com.myapp.authenticate”,

“authenticator-realm”: “realm1”

},

“anonymous”: {

“role”: “anonymous”

}

}

``

client:

in onConnect:

self.join(realm, [‘anonymous’], “anonymous”)

``

authenticator backend:

in authenticate(realm, authid, token):

elif(authid == “anonymous”):
return “anonymous”
else:
return “anonymous”

``

The authenticate method in the backend never gets called (i guess this could be normal as there are no credentials i need to send as i’m trying to login as anonymous user). But unfortunately either way my client does not receive a response/authentication from the server.

0 Likes

#4

I throw away the client from the examples and build a new one from scratch and - surprise surprise - it works perfectly

0 Likes