MutualAuthentication when we are using the nodejs environment #149
Comments
For now, we have disabled mutual authentication in Node |
We have the following problem. When we did an unsubscribe from Nodejs receive:
--- Policy Engine ---
{ type: 'unsubscribe',
from: 'runtime://localhost/51233043-488e-2b45-3a53-9a8709fa145e/sm',
to: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967/subscription',
body:
{ resource: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967',
auth: false,
via: 'msg-node.localhost/protostub/5126' },
id: 8 }
[StorageManager] - get capabilities
Capability node is available? true
connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967/subscription-RCV: { type: 'unsubscribe',
from: 'runtime://localhost/51233043-488e-2b45-3a53-9a8709fa145e/sm',
to: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967/subscription',
body:
{ resource: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967',
auth: false,
via: 'msg-node.localhost/protostub/5126' },
id: 8 }
And we don't have the unsubscribe process completed. So, we think, this problem is related to disabling the mutual authentication. |
Besides, an error happens for NodeHyperty running on Nodejs-Runtime at the handshake phase.
For precision :
|
@jboulmal This is the error I'm getting also. I have followed @vitormsilva's suggestion of implementing the node-webcrypto-ossl library with the appropriate extension to the runtimeFactory. But this error is not directly related to that. What happens is that the nodejs user is fake and as such it is not authenticated in the same way the browser user is authenticated. This means that the internal structures such as the user's keyPair are not complete. As such, when the decrypt tries to decrypt the message it cannot read the |
But @tiagolb I don't have this issue in case :
As a temporary fix, could you disable authentication for Observer Hyperty on Runtime Node? |
@jboulmal What I'm going to try is to change Nodejs' fake user profile to have a generated keyPair each time so this error doesn't occur. I'll keep you updated. |
@tiagolb Have you pushed your updates, so that I can't debug from my side concurrently ? |
@jboulmal I haven't yet because I have found another problem connected to the runtime-core. My node version is 7.4 |
I thought you're on an old version! |
I solved the underlying issue of the encoding process. But further down the execution I receive a I'll leave the logs here: Do you want me to push the changes I've made under a different branch so you can take a look at this problem? |
@tiagolb @vitormsilva, please @tiagolb push them in a separate branch, and tell us how to replicate your test, maybe on Slack! |
@jboulmal I pushed the changes made to Anyway, I've been discussing with @vitormsilva and we realized that this problem is still related to the Mutual Authentication issue.
As you can see, the |
@jboulmal @vitormsilva I'm also having a |
@jboulmal I pushed my changes to both the dev-runtime-core and dev-runtime-nodejs repositories. The branch I created is called Can you run my code and report the errors you get? |
I've disabled mutual authentication in runtime-core branch Next I'll try these options (suggested by @pchainho ):
|
It has been unblocked by disabling |
I'm trying to follow the second approach of creating an idP proxy for nodejs identities which doesn't connect to any idP. I have a token in this idP proxy which is answered back when the idP proxy is queried. But I'm having difficulties getting the idP proxy to work. I've adapted this idp Proxy template and added it to the |
I'm adopting a new strategy regarding this issue. The code is implemented in such a way that the IDM manages the nodejs interaction differently (it specifies the generateAssertion methodology for instance, although incorrectly). What I am to do, in order to accelerate the progress of this issue is to, instead of defining a new IdP Proxy for nodejs, adapt the specific nodejs implementation and hardcode the authentication code of an identity (using the google.com IdP) after the login opening process. This allows the other hyperty to connect to the google IdP normally and validate the assertion. After this issue is resolved I'll go back and update the code to normalize the management process of identities in nodejs. |
This issue is currently delayed because of #160 |
The mutual authentication process of nodejs is working. By this I mean that nodejs validates the assertion generated by a browser hyperty and sends a valid assertion to that same hyperty. But I'm having a problem regarding differences between webcrypto and the crypto library in nodejs. I'm getting this error when the key exchange process happens between the two hyperties, specifically when a key is decrypted using RSA:
Generally this error happens because the content being decrypted is too large. But this error is not happening in the browser. |
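Added example (not from the thread or from the project's code): two properties of RSA-OAEP that affect a key exchange between a WebCrypto peer and Node's `crypto` module, namely the plaintext and ciphertext size limits and the need for both sides to use the same OAEP hash. The 2048-bit key, the function names and the use of `crypto.publicEncrypt` as a stand-in for the browser peer are assumptions; the thread does not show which padding or hash the runtime uses.

```javascript
// Added example: RSA-OAEP size limits and hash agreement in Node.js.
const crypto = require('node:crypto');

const MODULUS_BITS = 2048; // constructed key size for this example
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: MODULUS_BITS,
});
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING;

// Largest plaintext RSA-OAEP can carry: k - 2*hLen - 2 (RFC 8017, section 7.1.1).
function oaepMaxPlaintext(modulusBits, hashName) {
  const hLen = crypto.createHash(hashName).digest().length;
  return modulusBits / 8 - 2 * hLen - 2;
}

// Stand-in for the browser peer: WebCrypto RSA-OAEP takes its hash from the key.
function wrapKey(sessionKey, hashName) {
  return crypto.publicEncrypt({ key: publicKey, padding: OAEP, oaepHash: hashName }, sessionKey);
}

// True when a payload of `size` bytes fits in one RSA-OAEP block.
function canWrap(size, hashName) {
  try { wrapKey(Buffer.alloc(size), hashName); return true; } catch { return false; }
}

// Node side: check the ciphertext length, then decrypt with an explicit OAEP hash.
function unwrapKey(ciphertext, hashName) {
  const k = MODULUS_BITS / 8;
  if (!Buffer.isBuffer(ciphertext) || ciphertext.length !== k) {
    return { ok: false, reason: `expected ${k} raw bytes, got ${ciphertext.length}` };
  }
  try {
    const key = crypto.privateDecrypt(
      { key: privateKey, padding: OAEP, oaepHash: hashName }, ciphertext);
    return { ok: true, key };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

const sessionKey = crypto.randomBytes(32);      // constructed symmetric key
const wrapped = wrapKey(sessionKey, 'sha256');
const matched = unwrapKey(wrapped, 'sha256');   // same hash on both sides
const mismatched = unwrapKey(wrapped, 'sha1');  // sha1 is Node's default oaepHash
// Ciphertext still in its base64 text form is longer than the modulus.
const asText = unwrapKey(Buffer.from(wrapped.toString('base64')), 'sha256');

console.log({ max: oaepMaxPlaintext(MODULUS_BITS, 'sha256'), matched: matched.ok,
  mismatched: mismatched.reason, asText: asText.reason });
```

Payloads larger than the OAEP limit are normally encrypted with a symmetric key, and only that key is wrapped with RSA.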
A reference I found that may help: http://people.ischool.berkeley.edu/~nick/signal-protocol-js/ |
To test NodeJS, the branch issue149 must be used on the dev-runtime-core, dev-runtime-nodejs and dev-protostubs repositories. |
When we have a reporter running on nodejs and an observer running on browser we have problems related with the Mutual Authentication.
We found some possible causes and all need to be fixed: