On 08/22/2017 10:42 AM, Justin Bertram wrote:
I'm not sure it would make sense for the PLAIN mechanism to handle SSL
certificates since it's only supposed to handle clear text username &
password by definition [1].  If you wanted to authenticate via SSL certs
via SASL then Artemis would need to implement a SASL mechanism specifically
to support that, although I'm not aware of any standard for such a
mechanism.

One option you might consider is using 2-way SSL and configuring the broker
to only trust the certificates of the clients you want to be able to
connect.


Justin

SASL External sounds like what you are looking for.
https://tools.ietf.org/html/rfc4422#appendix-A


[1] https://tools.ietf.org/html/rfc4616

On Tue, Aug 22, 2017 at 9:23 AM, adagys <andrius.da...@r3.com> wrote:

We have a custom login module that uses client certificates for
authentication (similar to CertificateLoginModule), but that doesn't seem
to support AMQP clients.

Looks like SASL PLAIN doesn't properly map to the Artemis' JAAS
implementation (doesn't propagate the connection so certificates can't be
retrieved):
https://github.com/apache/activemq-artemis/blob/c54a26da3ca3696e5b98a31cd6983255441d235c/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/sasl/PlainSASL.java#L33

Do you have any suggestions for workarounds?

Thanks



--
View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-client-certificate-authentication-via-AMQP-tp4729894.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


--
Tim Bish
twitter: @tabish121
blog: http://timbish.blogspot.com/

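The difference between the two mechanisms discussed in this thread, as an added example that is not part of the original messages and is not Artemis code: with PLAIN (RFC 4616) the identity and its proof both travel in the SASL payload, while with EXTERNAL (RFC 4422, Appendix A) the server takes the identity from the already-verified TLS client certificate. `Channel`, `parse_plain`, `authenticate` and all sample values are hypothetical and constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Channel:
    """What the transport knows about the connection (hypothetical type)."""
    tls_peer_subject: Optional[str]  # subject DN of a verified client cert, or None


def parse_plain(initial_response: bytes):
    """RFC 4616: message = [authzid] NUL authcid NUL passwd."""
    parts = initial_response.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN response")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


def authenticate(mechanism: str, initial_response: bytes,
                 channel: Channel, passwords: dict) -> str:
    """Return the authenticated identity or raise PermissionError."""
    if mechanism == "PLAIN":
        # Everything comes from the payload; the certificate on the
        # channel is never consulted, so cert-based login cannot work here.
        try:
            authzid, authcid, passwd = parse_plain(initial_response)
        except ValueError:  # also covers UnicodeDecodeError
            raise PermissionError("bad PLAIN message")
        expected = passwords.get(authcid)
        if expected is None or not hmac.compare_digest(
                expected.encode(), passwd.encode()):
            raise PermissionError("bad credentials")
        if authzid and authzid != authcid:
            raise PermissionError("proxy authorization not allowed")
        return authcid
    if mechanism == "EXTERNAL":
        # Identity is established outside SASL (here: 2-way TLS).
        if channel.tls_peer_subject is None:
            raise PermissionError("no verified client certificate")
        try:
            requested = initial_response.decode("utf-8")  # optional authzid
        except UnicodeDecodeError:
            raise PermissionError("bad EXTERNAL message")
        if requested and requested != channel.tls_peer_subject:
            raise PermissionError("certificate may not act as requested authzid")
        return channel.tls_peer_subject
    raise PermissionError("unsupported mechanism")
```
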