Hi Shirley, you can use certificates in place of passwords to authenticate a web console user by adding TextFileCertificateLoginModule to your login.config, for further details see https://activemq.apache.org/components/artemis/documentation/latest/security.html#securing-the-console
Alternatively, you can use keycloak to authenticate a web console user and configure Azure Entra ID as an identity provider of keycloak, for further details on using keycloak to authenticate a web console user see https://github.com/apache/activemq-artemis-examples/tree/2.39.0/examples/features/standard/security-keycloak The new web console version based on Hawtio 4 should natively support OpenID Connect identity providers as Azure Entra ID, see the in progress PR https://github.com/apache/activemq-artemis/pull/5467 Regards, Domenico On Mon, 24 Feb 2025 at 11:40, Shirley Mwombe <smwo...@gmail.com> wrote: > Hi @All/Justin, > > I have deployed ActiveMQ Artemis 2.34.0 in my prod environment, but this > has been flagged by auditors for exposing web console credentials (mostly > concerned with password) when the web browser request payload is captured > by burpsuite or browser developer tools. See sample screenshot below. > > [image: amqscreenshot.png] > > Is there a way I can set up artemis web application to encrypt the > credentials before placing them in the request payload and sending in > plain-text? > Alternatively is there a way to configure Artemis to use federated > identity like Azure Entra ID or authentication redirect to Azure? Instead > of using basic authentication of username and password? > > Kindly note ssl is already configured but this is only encrypting the > traffic in transit, but at web browser the traffic is visible. > > Regards, > Shirley > Platform Engineer > >
