[GitHub] [pulsar] cuzyoucant commented on issue #7960: AuthenticationOAuth2 as Authentication Plugin in Pulsar Proxy

Fri, 04 Sep 2020 04:23:04 -0700 


cuzyoucant commented on issue #7960:
URL: https://github.com/apache/pulsar/issues/7960#issuecomment-687084907


   @jiazhai There are no logs regarding this server-side. My guess is that the 
method .getAuthData() which returns the AuthenticationDataProvider Object 
returns an empty object, since the object should be containing the token. And 
for the token to be present it needs to call the underlying authenticate method 
which is assume the AuthenticationFactory.create() doesnt do. Hope that makes 
somewhat of a sense.
   
   Here are the relevant configs from the proxy and broker.
   
   broker:
   ```
   brokerClientAuthenticationPlugin: 
org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2
   brokerClientAuthenticationParameters: '{"grant_type": 
"client_credentials","issuerUrl":
       "https://abc.com/auth/realms/myrealm","audience": "my_aud", "privateKey":
       "file:/pulsar/credentials/pulsar-broker-cred.json"}'
   webServicePortTls: "8443"
   brokerServicePortTls: "6651"
   tlsCertificateFilePath: /pulsar/certs/broker/tls.crt
   tlsKeyFilePath: /pulsar/certs/broker/tls.key
   tlsTrustCertsFilePath: /pulsar/certs/ca/ca.crt
   tokenPublicAlg: RS256
   tokenPublicKey: /pulsar/keys/pulsar-pub.key
   ```
   
   proxy:
   ```
   brokerServiceURLTLS: pulsar+ssl://pulsar-broker:6651
   brokerWebServiceURLTLS: https://pulsar-broker:8443
   servicePortTls: "6651"
   tlsAllowInsecureConnection: "false"
   tlsCertRefreshCheckDurationSec: "300"
   tlsCertificateFilePath: /pulsar/certs/proxy/tls.crt
   tlsEnabledInProxy: "true"
   tlsEnabledWithBroker: "true"
   tlsKeyFilePath: /pulsar/certs/proxy/tls.key
   tlsTrustCertsFilePath: /pulsar/certs/ca/ca.crt
   webServicePortTls: "443"
   tokenPublicAlg: RS256
   tokenPublicKey: /pulsar/keys/pulsar-pub.key
   ```
   
   Eveything not configured here is set to default. I hope thats all!


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to