activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1758) Support SASL EXTERNAL
Date Wed, 21 Mar 2018 18:09:00 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408346#comment-16408346
] 

Gary Tully commented on ARTEMIS-1758:
-------------------------------------

note: the EXTERNAL mechanism does not do a jaas login to validate the peer cert identity,
this occurs after open, when the broker verifies permissions.
with needsClientAuth=true on the TLS layer, the connection will only be accepted if the peer
cert is valid and trusted.

> Support SASL EXTERNAL
> ---------------------
>
>                 Key: ARTEMIS-1758
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1758
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: AMQP
>    Affects Versions: 2.5.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.6.0
>
>
> Add support for SASL EXTERNAL
> https://tools.ietf.org/html/rfc4422#appendix-A
> Peer principal from TLS client cert is used as the client identity on the broker.
> The identity is mapped to a broker user and role via the TextFileCertificateLoginModule



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message