Q: authentication using external server

[Jun]

Hello, 

When a device connects to crossbar, it needs to be authenticated by an external authentication server who takes username and password and returns yes or no. 

1st question: Will this supported by ticket authentication feature of crossbar? 

If so, my understanding is to configure it as: 

authenticator

"com.example.authenticate"

2nd question: Can I create  a separate client which registers a callback to "com.example.authenticate"?

for example, using jawampa, 

    wampclient.registerProcedure("com.cisco.wamp.authen.callback").subscribe(new Action1<Request>() {

    @Override

                        public void call(Request request) {

                        // call external authenticator to authenticate 

                        }

or it has to use python code the way it was done at https://github.com/crossbario/crossbarexamples/blob/master/authentication/ticket/dynamic/authenticator.py

thank you.

Regards,

Jun 

[Tobias Oberstein]

Am 30.01.2016 um 00:35 schrieb Jun:
> Hello,
>
> When a device connects to crossbar, it needs to be authenticated by an
> external authentication server who takes username and password and
> returns yes or no.
>
> 1st question: Will this supported by ticket authentication feature of
> crossbar?

Yes, that's exactly one use case for this authmethod.

Use WAMP-Ticket dynamic.

E.g. here is an example

https://github.com/crossbario/crossbarexamples/blob/master/authentication/ticket/dynamic/authenticator.py#L71

That line takes the secret ("ticket") provided by the client to be
authenticated, and compares that to a pre-shared known good secret.

In place of this line of code, invoke your external authentication server.

>
> If so, my understanding is to configure it as:
> |authenticator| "com.example.authenticate"
>
>
> 2nd question: Can I create a separate client which registers a callback
> to "com.example.authenticate"?
> for example, using jawampa,
>
> wampclient.registerProcedure("com.cisco.wamp.authen.callback").subscribe(new
> Action1<Request>() {
>
> @Override
>
> public void call(Request request) {
>
> // call external authenticator to authenticate
>
> }
>
>
> or it has to use python code the way it was done
> at https://github.com/crossbario/crossbarexamples/blob/master/authentication/ticket/dynamic/authenticator.py

No need to use Python. That's the beauty: you can use _any_ WAMP
supported language to implement your dynamic authenticator. Does not matter.

From the point of view of Crossbar.io, a dynamic authenticator is just
a regular client as any other. It's just that Crossbar.io _itself_ will
issue calls into your component - which is different from regular
components (which never get called into from Crossbar.io, but only from
other user components).

>
>
>
> thank you.
>
>
> Regards,
>
> Jun
>
> --
> You received this message because you are subscribed to the Google
> Groups "Crossbar" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to crossbario+...@googlegroups.com
> <mailto:crossbario+...@googlegroups.com>.
> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/crossbario/c18cda39-6b4f-458d-8756-fefbad7bbe30%40googlegroups.com
> <https://groups.google.com/d/msgid/crossbario/c18cda39-6b4f-458d-8756-fefbad7bbe30%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

[Jun Zou]

I saw the example code using nodejs where the nodejs is used as a guest worker. 

I am wondering if it is ok to do the same authentication which will be done in an external component. 

Regards,
Jun

--
You received this message because you are subscribed to a topic in the Google Groups "Crossbar" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/crossbario/OoABSkYkyLE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to crossbario+...@googlegroups.com.
To post to this group, send email to cross...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/crossbario/56AC85C7.2000504%40gmail.com.

[Tobias Oberstein]

Am 01.02.2016 um 21:45 schrieb Jun Zou:
> I saw the example code using nodejs where the nodejs is used as a guest
> worker.

Yep, you can have dynamic authenticators being run under Node, and
hosted by Crossbar.io as guest workers.

> I am wondering if it is ok to do the same authentication which will be
> done in an external component.

Yeah, dynamic authenticators need/should to authenticate themself;)

If Crossbar.io and the authenticator run on the same host, Unix domain
socket transports will "shift" the auth problem to a filesystem
permission thing - a very safe approach.

Or you can have Crossbar.io and a dynamic authenticator share a secret
and use WAMP-Ticket auth. - and eg have the secret read from an
environment variable.

Cheers,
/Tobias

> <mailto:crossbario%2Bunsu...@googlegroups.com>
> <mailto:crossbario+...@googlegroups.com
> <mailto:crossbario%2Bunsu...@googlegroups.com>>.

> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>

> <mailto:cross...@googlegroups.com

> <mailto:cross...@googlegroups.com>>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/crossbario/c18cda39-6b4f-458d-8756-fefbad7bbe30%40googlegroups.com
> <https://groups.google.com/d/msgid/crossbario/c18cda39-6b4f-458d-8756-fefbad7bbe30%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Crossbar" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/crossbario/OoABSkYkyLE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> crossbario+...@googlegroups.com

> <mailto:crossbario%2Bunsu...@googlegroups.com>.

> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/crossbario/56AC85C7.2000504%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
>

> --
> You received this message because you are subscribed to the Google
> Groups "Crossbar" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to crossbario+...@googlegroups.com
> <mailto:crossbario+...@googlegroups.com>.
> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/crossbario/CAJeU64BXoQ-x1iejiMv_0%2BxKP8_GkaruOgKgK-zsSzRpaoBZZA%40mail.gmail.com
> <https://groups.google.com/d/msgid/crossbario/CAJeU64BXoQ-x1iejiMv_0%2BxKP8_GkaruOgKgK-zsSzRpaoBZZA%40mail.gmail.com?utm_medium=email&utm_source=footer>.

[Jun Zou]

just to confirm: 

You mentioned that authenticator can be hosted by Crossbar.io as guest workers.

Another option is that the authentication can be done by an external client which register a authentication RPC call back, right?

Thanks

Jun

To unsubscribe from this group and all its topics, send an email to crossbario+...@googlegroups.com.
To post to this group, send email to cross...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/crossbario/56AFD327.30307%40gmail.com.

[Tobias Oberstein]

Am 01.02.2016 um 23:49 schrieb Jun Zou:
> just to confirm:
>
> You mentioned that authenticator can be hosted by Crossbar.io as guest
> workers.
>
> Another option is that the authentication can be done by an external
> client which register a authentication RPC call back, right?

Yes.

It does not matter whether the procedure that acts as a dynamic
authenticator is registered by a client/component hosted (= started &
monitored) by Crossbar.io, or the client/component reside a different
host at the other end of the world, started independently of Crossbar.io

> <mailto:tobias.o...@gmail.com

> <mailto:crossbario%2Bunsu...@googlegroups.com
> <mailto:crossbario%252Buns...@googlegroups.com>>
> <mailto:crossbario+...@googlegroups.com
> <mailto:crossbario%2Bunsu...@googlegroups.com>
> <mailto:crossbario%2Bunsu...@googlegroups.com
> <mailto:crossbario%252Buns...@googlegroups.com>>>.

> To post to this group, send email to
> cross...@googlegroups.com <mailto:cross...@googlegroups.com>
> <mailto:cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>>
> <mailto:cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>
> <mailto:cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>>>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/crossbario/c18cda39-6b4f-458d-8756-fefbad7bbe30%40googlegroups.com
>
> <https://groups.google.com/d/msgid/crossbario/c18cda39-6b4f-458d-8756-fefbad7bbe30%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a
> topic in
> the Google Groups "Crossbar" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/crossbario/OoABSkYkyLE/unsubscribe.
> To unsubscribe from this group and all its topics, send an
> email to
> crossbario+...@googlegroups.com
> <mailto:crossbario%2Bunsu...@googlegroups.com>

> <mailto:crossbario%2Bunsu...@googlegroups.com
> <mailto:crossbario%252Buns...@googlegroups.com>>.

> To post to this group, send email to
> cross...@googlegroups.com <mailto:cross...@googlegroups.com>
> <mailto:cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/crossbario/56AC85C7.2000504%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Crossbar" group.
> To unsubscribe from this group and stop receiving emails from
> it, send
> an email to crossbario+...@googlegroups.com

> <mailto:crossbario%2Bunsu...@googlegroups.com>
> <mailto:crossbario+...@googlegroups.com
> <mailto:crossbario%2Bunsu...@googlegroups.com>>.
> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>
> <mailto:cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/crossbario/CAJeU64BXoQ-x1iejiMv_0%2BxKP8_GkaruOgKgK-zsSzRpaoBZZA%40mail.gmail.com
> <https://groups.google.com/d/msgid/crossbario/CAJeU64BXoQ-x1iejiMv_0%2BxKP8_GkaruOgKgK-zsSzRpaoBZZA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Crossbar" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/crossbario/OoABSkYkyLE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to

> crossbario+...@googlegroups.com
> <mailto:crossbario%2Bunsu...@googlegroups.com>.
> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/crossbario/56AFD327.30307%40gmail.com.
>
> For more options, visit https://groups.google.com/d/optout.
>
>

> --
> You received this message because you are subscribed to the Google
> Groups "Crossbar" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to crossbario+...@googlegroups.com
> <mailto:crossbario+...@googlegroups.com>.
> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/crossbario/CAJeU64Btn4-TuHoGs3FgRuoHRQFmuiOpfOYyKK6_6hwfw66M9Q%40mail.gmail.com
> <https://groups.google.com/d/msgid/crossbario/CAJeU64Btn4-TuHoGs3FgRuoHRQFmuiOpfOYyKK6_6hwfw66M9Q%40mail.gmail.com?utm_medium=email&utm_source=footer>.