[ https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408159#comment-16408159 ]

Gary Tully commented on ARTEMIS-1758:
-------------------------------------

SASL EXTERNAL will only work with an empty response from the client. If an 
identity is specified (a non-empty response), authentication will fail.
This is because the cert login module maps the identity directly from the TLS 
peer certificate.

> Support SASL EXTERNAL
> ---------------------
>
>                 Key: ARTEMIS-1758
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1758
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: AMQP
>    Affects Versions: 2.5.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.6.0
>
>
> Add support for SASL EXTERNAL
> https://tools.ietf.org/html/rfc4422#appendix-A
> Peer principal from TLS client cert is used as the client identity on the 
> broker.
> The identity is mapped to a broker user and role via the 
> TextFileCertificateLoginModule



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
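
A small model of the behaviour described in the comment above, added here as an example (it is not Artemis code and not part of the issue): the identity comes only from the TLS peer certificate, so an empty EXTERNAL response is accepted and a non-empty one is rejected. The function names, the lookup tables and the DN values are constructed for illustration.

```python
# Added illustration: models the broker-side decision, not the Artemis implementation.
# The DN-to-user and user-to-role tables below are constructed sample data.

class SaslExternalError(Exception):
    """Raised when the EXTERNAL exchange cannot authenticate the peer."""


def normalize_dn(dn):
    # Simplified comparison form: trims spaces around RDNs and upper-cases
    # attribute types. Assumes no escaped commas inside attribute values.
    parts = []
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        parts.append(f"{key.strip().upper()}={value.strip()}")
    return ",".join(parts)


USERS_BY_DN = {
    normalize_dn("CN=client-a, OU=messaging, O=Example"): "clientA",
}
ROLES_BY_USER = {"clientA": ["amqp-producers"]}


def evaluate_external(response, peer_cert_dn):
    """Return (user, roles) for one SASL EXTERNAL exchange, or raise."""
    if peer_cert_dn is None:
        # EXTERNAL has nothing to rely on without a TLS client certificate.
        raise SaslExternalError("no TLS client certificate presented")
    if response:
        # In RFC 4422 Appendix A a non-empty response is a requested
        # authorization identity. The identity here is taken from the
        # certificate only, so a client-supplied one fails authentication.
        raise SaslExternalError("non-empty response: identity must come from the certificate")
    user = USERS_BY_DN.get(normalize_dn(peer_cert_dn))
    if user is None:
        raise SaslExternalError("certificate DN is not mapped to a broker user")
    return user, ROLES_BY_USER.get(user, [])


if __name__ == "__main__":
    dn = "cn=client-a,ou=messaging,o=Example"
    print(evaluate_external(b"", dn))
    for resp, cert in [(b"admin", dn), (b"", "CN=unknown,O=Example"), (b"", None)]:
        try:
            evaluate_external(resp, cert)
        except SaslExternalError as exc:
            print("rejected:", exc)
```

Rejecting the non-empty response means a client holding a valid certificate cannot ask to be treated as a different user.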
