Have a look at https://github.com/apifocal/activemix/tree/master/jaas/activemix-auth-token.

I wrote this code a long time ago; it hasn't changed much since it simply works. ;) It does rely on JWT/OIDC and can stick with an external JWK (i.e. hosted by Keycloak) to verify token signatures.

Cheers,
Łukasz

On 31.10.2023 22:22, SCOTT FIELDS wrote:
Yes, using certificate based authentication/authorization is a secondary 
approved method if OIDC isn't supported for this customer.

But...I wanted to pursue the OIDC mechanism, since that's the customer's 
primary solution.

-----Original Message-----
From: Matt Pavlovich <mattr...@gmail.com>
Sent: Tuesday, October 31, 2023 3:19 PM
To: users@activemq.apache.org
Subject: [EXTERNAL] Re: Native Oauth/OIDC integration in ActiveMQ

Hi Scott-

There is interest in adding this to Apache ActiveMQ. A DRAFT PR was started 
using JWT:

https://github.com/apache/activemq/pull/1035

In general, using OAuth/OIDC may not be desirable as having background threads refreshing 
tokens can have negative side effects. The OAuth2 "AppAuth pattern" is 
something else to look into.

Have you considered two-way SSL authentication? Stronger security, with expiry 
and revocation support.

Thanks,
Matt Pavlovich

On Oct 31, 2023, at 2:17 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID> 
wrote:

To my knowledge, there is no native ActiveMQ integration for 
Authorization/Authentication via Oauth/OIDC.

Is there any plan, if not, to include this, besides requiring an external JAAS 
method provided either by an external vendor or require a custom coding 
front-end from the end-use provider?

If not, what's the best way to request this?

Scott Fields
Kyndryl
Senior Lead SRE - BNSF
817-593-5038 (BNSF)
scott.fie...@kyndryl.com
scott.fie...@bnsf.com

