While connecting to an ActiveMQ Artemis server I tried to pass a JWT token in the password field so that I can create a custom login module which validates the JWT token and authenticates the client. But when the token size is more than 4096 characters I am getting this error when connecting:
org.apache.qpid.proton.engine.TransportException: specified frame size 4381 larger than maximum SASL frame size 4096
Is there any way I can change the maximum frame size allowed in the server?
I tried to refer to the ActiveMQ Artemis documentation to find a solution for this, but I couldn't find any resources on this topic.
The AMQP specification defines the minimum max frame size as 512 bytes and imposes that on all connection framing prior to the exchange of the Open which carries the connection defined max frame size (which would default to 512 bytes if not set otherwise). This low 512 byte value causes issues with some SASL mechanisms that convey extended payloads such as the one being used here which carries a token in the additional data portion of the SASL response. The proton-j engine (which is what Artemis uses) can be configured to allow the initial max frame size before the Open arrives to be larger for such cases and by default Artemis uses a value of 4096 bytes for the initial remote max frame size limit.
The broker acceptor can be configured to set this initial max frame size value in the broker XML configuration by specifying the initialRemoteMaxFrameSize option on the acceptor.
Don't confuse the initialRemoteMaxFrameSize configuration value with the maxFrameSize configuration, which configures the value the broker will send to the remote client to indicate the largest frame size that can arrive following the exchange of the AMQP Open performative.
It should be noted that this is allowing an out of specification use of the SASL framing so it may not be compatible with other AMQP servers which could likely default to enforcing an SASL frame limit of 512 bytes. Many AMQP providers have moved to offer configuration of this initial frame limit. In general it makes sense to limit this value to the smallest tolerable size to provide a limit on what a remote can encode during the initial authentication exchange.
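The limit discussed in the answer above is enforced on the size field of the 8-byte AMQP frame header, so an oversized SASL frame is refused before its body is buffered. The sketch below is an added example that models that check; it is not proton-j or Artemis code, and the function name, the exception class, the sample header and the 8192 limit are assumptions chosen for illustration.

```python
import struct

AMQP_SPEC_MIN_LIMIT = 512        # spec minimum that applies before the Open
ARTEMIS_DEFAULT_LIMIT = 4096     # Artemis default named in the answer
FRAME_TYPE_SASL = 0x01           # frame type byte used during SASL negotiation
HEADER_LEN = 8


class FrameRejected(Exception):
    """Raised when a pre-Open frame header fails validation."""


def check_sasl_frame_header(header: bytes, initial_limit: int = ARTEMIS_DEFAULT_LIMIT) -> int:
    """Validate an AMQP frame header received before the Open.

    Returns the number of bytes still to read after the header, or raises
    FrameRejected without reading any of the frame body.
    """
    if len(header) != HEADER_LEN:
        raise FrameRejected("need exactly 8 header bytes")
    # Layout: 4-byte size, 1-byte data offset (in 4-byte words), 1-byte type, 2 more bytes.
    size, doff, frame_type, _ = struct.unpack(">IBBH", header)
    if doff < 2 or size < doff * 4:
        raise FrameRejected(f"malformed header: size={size} doff={doff}")
    if frame_type != FRAME_TYPE_SASL:
        raise FrameRejected(f"unexpected frame type {frame_type:#04x} during SASL")
    if size > initial_limit:
        raise FrameRejected(
            f"specified frame size {size} larger than maximum SASL frame size {initial_limit}"
        )
    return size - HEADER_LEN


# Constructed sample: header of a SASL frame announcing 4381 bytes, as in the question.
CONSTRUCTED_HEADER = struct.pack(">IBBH", 4381, 2, FRAME_TYPE_SASL, 0)

if __name__ == "__main__":
    for limit in (AMQP_SPEC_MIN_LIMIT, ARTEMIS_DEFAULT_LIMIT, 8192):
        try:
            remaining = check_sasl_frame_header(CONSTRUCTED_HEADER, limit)
            print(f"limit {limit}: accepted, {remaining} body bytes to read")
        except FrameRejected as exc:
            print(f"limit {limit}: rejected ({exc})")
```

Only the largest of the three limits admits the 4381-byte frame, which is why the value is worth sizing to the largest token the login module is expected to accept rather than raising it arbitrarily.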