[ https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408346#comment-16408346 ]

Gary Tully edited comment on ARTEMIS-1758 at 3/21/18 6:08 PM:
--------------------------------------------------------------

Note: the EXTERNAL mechanism does not do a JAAS login to validate the peer cert 
identity; this occurs after open, when the broker security manager verifies 
permissions on link attach.
With needsClientAuth=true on the TLS layer, the connection will only be 
accepted if the peer cert is valid and trusted.


was (Author: gtully):
Note: the EXTERNAL mechanism does not do a JAAS login to validate the peer cert 
identity; this occurs after open, when the broker verifies permissions.
With needsClientAuth=true on the TLS layer, the connection will only be 
accepted if the peer cert is valid and trusted.

> Support SASL EXTERNAL
> ---------------------
>
>                 Key: ARTEMIS-1758
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1758
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: AMQP
>    Affects Versions: 2.5.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.6.0
>
>
> Add support for SASL EXTERNAL
> https://tools.ietf.org/html/rfc4422#appendix-A
> Peer principal from TLS client cert is used as the client identity on the 
> broker.
> The identity is mapped to a broker user and role via the 
> TextFileCertificateLoginModule



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
