[ https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408346#comment-16408346 ]
Gary Tully commented on ARTEMIS-1758: ------------------------------------- note: the EXTERNAL mechanism does not do a jaas login to validate the peer cert identity, this occurs after open, when the broker verifies permissions. with needsClientAuth=true on the TLS layer, the connection will only be accepted if the peer cert is valid and trusted. > Support SASL EXTERNAL > --------------------- > > Key: ARTEMIS-1758 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1758 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: AMQP > Affects Versions: 2.5.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Major > Fix For: 2.6.0 > > > Add support for SASL EXTERNAL > https://tools.ietf.org/html/rfc4422#appendix-A > Peer principal from TLS client cert is used as the client identity on the > broker. > The identity is mapped to a broker user and role via the > TextFileCertificateLoginModule -- This message was sent by Atlassian JIRA (v7.6.3#76005)