activemq-issues mailing list archives

From "Melvin E Santos-Piza (JIRA)" <>
Subject [jira] [Created] (AMQ-6220) Enhance AMQ jaasAuthenticationPlugin(s)
Date Mon, 21 Mar 2016 14:38:25 GMT
Melvin E Santos-Piza created AMQ-6220:

             Summary: Enhance AMQ jaasAuthenticationPlugin(s)
                 Key: AMQ-6220
             Project: ActiveMQ
          Issue Type: New Feature
    Affects Versions: 5.x
            Reporter: Melvin E Santos-Piza

I'm standing up a cluster of AMQs, which I will offer in a multi-tenant setup. Each tenant will
have a networkOfBrokers with SSL transports (only) on each broker. Each broker will have two
transports: 1) frontdoor - which is what the clients will connect to (1-way TLS + LDAP Auth)
2) backdoor - will connect the network (2-way TLS). The problem is that the broker expects
me to also authenticate the broker via LDAP on the backdoor. This proves troublesome as I
would have to configure, and protect, customers' LDAP credentials. I would much rather have 2-Way
TLS, as I can have the certificates in a keystore + its key vaulted somewhere in the host.
I've looked at 1) org.apache.activemq.jaas.TextFileCertificateLoginModule +
2) org.apache.activemq.jaas.LDAPLoginModule +
but both of these LoginModules handle different callBacks + the authenticationPlugins expect
sequential successes; the way BrokerFilter works, one can't have a fallback jaasPlugin. What's
needed is an authenticationPlugin that will use a CertificateCallBackHandler as the primary
logon, and a CredentialsCallBackHandler as the default, kind of what SSH does (i.e

This message was sent by Atlassian JIRA
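
The certificate-first, credentials-fallback flow requested in the message above, as an added example built only on the standard JAAS callback API (it is not part of the original message and not ActiveMQ code). `PeerCallback`, `DualHandler`, the broker DN and the in-memory map standing in for the LDAP bind are hypothetical, and rejecting an unknown certificate instead of falling back to a password is an assumption of this example.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.x500.X500Principal;

public class CertFirstAuthDemo {
    /** Hypothetical callback asking for the TLS peer identity (null when no client cert). */
    static class PeerCallback implements Callback { Principal peer; }

    /** Hypothetical handler that answers both callback kinds for one connection. */
    static class DualHandler implements CallbackHandler {
        final Principal peer; final String user; final char[] pass;
        DualHandler(Principal p, String u, char[] pw) { peer = p; user = u; pass = pw; }
        @Override public void handle(Callback[] cbs) throws IOException, UnsupportedCallbackException {
            for (Callback cb : cbs) {
                if (cb instanceof PeerCallback) ((PeerCallback) cb).peer = peer;
                else if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass);
                else throw new UnsupportedCallbackException(cb); // unknown callback kinds still fail
            }
        }
    }

    // Constructed sample data: one trusted broker DN and a map standing in for the LDAP bind.
    static final Set<Principal> BROKERS = Set.of(new X500Principal("CN=broker-b,OU=tenant1"));
    static final Map<String, String> DIRECTORY = Map.of("alice", "s3cret");

    /** Certificate first; name/password only when the peer presented no certificate. */
    static String login(CallbackHandler h) throws Exception {
        PeerCallback pc = new PeerCallback();
        h.handle(new Callback[] { pc });
        if (pc.peer != null) {
            if (BROKERS.contains(pc.peer)) return "cert:" + pc.peer.getName();
            throw new FailedLoginException("untrusted certificate subject"); // no downgrade
        }
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        h.handle(new Callback[] { nc, pw });
        String expected = nc.getName() == null ? null : DIRECTORY.get(nc.getName());
        if (expected != null && Arrays.equals(expected.toCharArray(), pw.getPassword()))
            return "password:" + nc.getName();
        throw new FailedLoginException("bad credentials");
    }
    public static void main(String[] args) throws Exception {
        // Backdoor (2-way TLS) connection, then frontdoor (1-way TLS + credentials) connection.
        System.out.println(login(new DualHandler(new X500Principal("CN=broker-b,OU=tenant1"), null, null)));
        System.out.println(login(new DualHandler(null, "alice", "s3cret".toCharArray())));
    }
}
```

In a broker, the `peer` value would come from the transport's TLS session (for example `SSLSession.getPeerPrincipal()`), with the `SSLPeerUnverifiedException` case mapped to `null`.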