Hi Scott-

Got it, makes sense. Please open a JIRA for the request:  
https://issues.apache.org/jira/ 

We’ll be doing roadmap and planning for the next round of release once 6.0.0 is 
out.

Thanks,
Matt Pavlovich

> On Oct 31, 2023, at 4:22 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID> 
> wrote:
> 
> Yes, using certificate based authentication/authorization is a secondary 
> approved method if OIDC isn't supported for this customer.
> 
> But...I wanted to pursue the OIDC mechanism, since that's the customer's 
> primary solution.
> 
> -----Original Message-----
> From: Matt Pavlovich <mattr...@gmail.com> 
> Sent: Tuesday, October 31, 2023 3:19 PM
> To: users@activemq.apache.org
> Subject: [EXTERNAL] Re: Native Oauth/OIDC integration in ActiveMQ
> 
> Hi Scott-
> 
> There is interest in adding this to Apache ActiveMQ. A DRAFT RP was started 
> using JWT:
> 
> https://github.com/apache/activemq/pull/1035 
> 
> In general, using OAuth/OIDC may not be desirable as having background 
> threads refreshing tokens can have negative side effects. The OAuth2 "AppAuth 
> pattern" is something else to look into.
> 
> Have you considered two-way SSL authentication? Stronger security, with 
> expiry and revocation support.
> 
> Thanks,
> Matt Pavlovich
> 
>> On Oct 31, 2023, at 2:17 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID> 
>> wrote:
>> 
>> To my knowledge, there is no native ActiveMQ integration for 
>> Authorization/Authentication via Oauth/OIDC.
>> 
>> Is there any plan, if not, to include this, besides requiring an external 
>> JAAS method provided either by an external vendor or require a custom coding 
>> front-end from the end-use provider?
>> 
>> If not, what's the best way to request this?
>> 
>> Scott Fields
>> Kyndryl
>> Senior Lead SRE - BNSF
>> 817-593-5038 (BNSF)
>> scott.fie...@kyndryl.com<mailto:scott.fie...@kyndryl.com>
>> scott.fie...@bnsf.com<mailto:scott.fie...@bnsf.com>
>> 
> 

Reply via email to