Can anybody clarify the use-case for this? What messaging protocols are in
view here? I'd love to understand more. Thanks!


Justin

On Wed, Nov 1, 2023 at 12:27 PM Matt Pavlovich <mattr...@gmail.com> wrote:

> Hi Scott-
>
> Got it, makes sense. Please open a JIRA for the request:
> https://issues.apache.org/jira/
>
> We’ll be doing roadmap and planning for the next round of release once
> 6.0.0 is out.
>
> Thanks,
> Matt Pavlovich
>
> > On Oct 31, 2023, at 4:22 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID>
> wrote:
> >
> > Yes, using certificate based authentication/authorization is a secondary
> approved method if OIDC isn't supported for this customer.
> >
> > But...I wanted to pursue the OIDC mechanism, since that's the customer's
> primary solution.
> >
> > -----Original Message-----
> > From: Matt Pavlovich <mattr...@gmail.com>
> > Sent: Tuesday, October 31, 2023 3:19 PM
> > To: users@activemq.apache.org
> > Subject: [EXTERNAL] Re: Native Oauth/OIDC integration in ActiveMQ
> >
> > Hi Scott-
> >
> > There is interest in adding this to Apache ActiveMQ. A DRAFT RP was
> started using JWT:
> >
> > https://github.com/apache/activemq/pull/1035
> >
> > In general, using OAuth/OIDC may not be desirable as having background
> threads refreshing tokens can have negative side effects. The OAuth2
> "AppAuth pattern" is something else to look into.
> >
> > Have you considered two-way SSL authentication? Stronger security, with
> expiry and revocation support.
> >
> > Thanks,
> > Matt Pavlovich
> >
> >> On Oct 31, 2023, at 2:17 PM, SCOTT FIELDS 
> >> <scott.fie...@kyndryl.com.INVALID>
> wrote:
> >>
> >> To my knowledge, there is no native ActiveMQ integration for
> Authorization/Authentication via Oauth/OIDC.
> >>
> >> Is there any plan, if not, to include this, besides requiring an
> external JAAS method provided either by an external vendor or require a
> custom coding front-end from the end-use provider?
> >>
> >> If not, what's the best way to request this?
> >>
> >> Scott Fields
> >> Kyndryl
> >> Senior Lead SRE - BNSF
> >> 817-593-5038 (BNSF)
> >> scott.fie...@kyndryl.com<mailto:scott.fie...@kyndryl.com>
> >> scott.fie...@bnsf.com<mailto:scott.fie...@bnsf.com>
> >>
> >
>
>

Reply via email to