Naresh created KAFKA-12807: ------------------------------ Summary: allow mTLS authorization based on different fields of X509 certificate Key: KAFKA-12807 URL: https://issues.apache.org/jira/browse/KAFKA-12807 Project: Kafka Issue Type: Improvement Reporter: Naresh
Builtin simple authorizer uses X500Principal to authorize the mTLS principals. There are other fields like SAN (Subject Alternative Name), Serial.No can be used to extend the certificate properties. Adding authorization based on SAN would help break the dependency on the CommonName in environments where CommonName is used with Autogenerated hostnames at the same time use the certs to do client auth with the kafka brokers. -- This message was sent by Atlassian Jira (v8.3.4#803005)