i have the following situation: I’m using a dynamic ticket based authenticator (directly loaded as worker in crossbar) for authentication. The authenticator module itself uses an external ticket authentication service that is already there.
Now in the authenticate method in my crossbar worker i take the realm, the authid and the token. To be able to authenticate the external authentication service i do a short case differentiation: if the authid and the token match those of the external service, then i authenticate it by assign it the correct role “auth-service”. If the authid does not match the one of the external authentication service, then i call the external service.
Now the problem is when i reach the line that calls the external service it is not executed or at least the external service is never called. To eliminate the external service as an error source instead i assign a default role to the caller e.g. “user”. Unfortunately the role is never returned.
From the crossbar log i can determine that the branch in the code is executed but the returned role never reaches my client. Same goes for the client, it gets the challenge and sends its credentials to the authenticate procedure and the credentials reach the authenticate endpoint. It does not matter which role i try to assign to my client, the client never gets a response from crossbar. As client i use a slightly modified version of the client from the official examples.
I already tried the things obvious to me (checking code for correct formatting, tried various roles and user credentials, …). Know i’ve run out of ideas. Hopefully you can help me.
Here is a snippet from my code:
check if peer is external authentication service
if authid == “auth-service”:
if token == “secret-token”:
return “auth-service” # <— works fine, no problems
otherwise check the external authentication service
print(‘user authentication process’)
if token == ‘secret’:
print(‘got token’) # <— logged on the console, so branch is executed
return settings.CLIENT_DEFAULT_ROLE # <— not executed or at least response does not reach the client