Yes, using certificate-based authentication/authorization is a secondary 
approved method if OIDC isn't supported for this customer.

But...I wanted to pursue the OIDC mechanism, since that's the customer's 
primary solution.

-----Original Message-----
From: Matt Pavlovich <mattr...@gmail.com> 
Sent: Tuesday, October 31, 2023 3:19 PM
To: users@activemq.apache.org
Subject: [EXTERNAL] Re: Native Oauth/OIDC integration in ActiveMQ

Hi Scott-

There is interest in adding this to Apache ActiveMQ. A DRAFT PR was started 
using JWT:

https://github.com/apache/activemq/pull/1035 

In general, using OAuth/OIDC may not be desirable as having background threads 
refreshing tokens can have negative side effects. The OAuth2 "AppAuth pattern" 
is something else to look into.

Have you considered two-way SSL authentication? Stronger security, with expiry 
and revocation support.

Thanks,
Matt Pavlovich

> On Oct 31, 2023, at 2:17 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID> 
> wrote:
> 
> To my knowledge, there is no native ActiveMQ integration for 
> Authorization/Authentication via OAuth/OIDC.
> 
> Is there any plan, if not, to include this, besides requiring an external 
> JAAS method provided either by an external vendor or requiring a custom coding 
> front-end from the end-use provider?
> 
> If not, what's the best way to request this?
> 
> Scott Fields
> Kyndryl
> Senior Lead SRE - BNSF
> 817-593-5038 (BNSF)
> scott.fie...@kyndryl.com
> scott.fie...@bnsf.com
> 
