FYI, I'm awaiting the technical details from the AMQ admins on our side regarding the client use cases involved.
-----Original Message-----
From: Justin Bertram <jbert...@apache.org>
Sent: Wednesday, November 1, 2023 12:45 PM
To: users@activemq.apache.org
Subject: [EXTERNAL] Re: Native Oauth/OIDC integration in ActiveMQ

Can anybody clarify the use-case for this? What messaging protocols are in view here? I'd love to understand more.

Thanks!

Justin

On Wed, Nov 1, 2023 at 12:27 PM Matt Pavlovich <mattr...@gmail.com> wrote:

> Hi Scott-
>
> Got it, makes sense. Please open a JIRA for the request:
> INVALID URI REMOVED …_jira_…
>
> We’ll be doing roadmap and planning for the next round of release once 6.0.0 is out.
>
> Thanks,
> Matt Pavlovich
>
> > On Oct 31, 2023, at 4:22 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID> wrote:
> >
> > Yes, using certificate based authentication/authorization is a secondary approved method if OIDC isn't supported for this customer.
> >
> > But...I wanted to pursue the OIDC mechanism, since that's the customer's primary solution.
> >
> > -----Original Message-----
> > From: Matt Pavlovich <mattr...@gmail.com>
> > Sent: Tuesday, October 31, 2023 3:19 PM
> > To: users@activemq.apache.org
> > Subject: [EXTERNAL] Re: Native Oauth/OIDC integration in ActiveMQ
> >
> > Hi Scott-
> >
> > There is interest in adding this to Apache ActiveMQ. A DRAFT PR was started using JWT:
> >
> > INVALID URI REMOVED …he_activemq_pull_1035…
> >
> > In general, using OAuth/OIDC may not be desirable as having background threads refreshing tokens can have negative side effects. The OAuth2 "AppAuth pattern" is something else to look into.
> >
> > Have you considered two-way SSL authentication? Stronger security, with expiry and revocation support.
> >
> > Thanks,
> > Matt Pavlovich
> >
> >> On Oct 31, 2023, at 2:17 PM, SCOTT FIELDS <scott.fie...@kyndryl.com.INVALID> wrote:
> >>
> >> To my knowledge, there is no native ActiveMQ integration for Authorization/Authentication via Oauth/OIDC.
> >>
> >> Is there any plan, if not, to include this, besides requiring an external JAAS method provided either by an external vendor or require a custom coding front-end from the end-use provider?
> >>
> >> If not, what's the best way to request this?
> >>
> >> Scott Fields
> >> Kyndryl
> >> Senior Lead SRE - BNSF
> >> 817-593-5038 (BNSF)
> >> scott.fie...@kyndryl.com
> >> scott.fie...@bnsf.com