[
https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411520#comment-16411520
]
ASF GitHub Bot commented on ARTEMIS-1758:
-----------------------------------------
Github user gtully commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1961#discussion_r176762803
--- Diff:
artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPConnectionCallback.java
---
@@ -113,7 +116,20 @@ public ServerSASL getServerSASL(final String
mechanism) {
result = gssapiServerSASL;
break;
+ case ExternalServerSASL.NAME:
+ // validate ssl cert present
+ Principal principal =
CertificateUtil.getPeerPrincipalFromConnection(protonConnectionDelegate);
+ if (principal != null) {
+ ExternalServerSASL externalServerSASL = new
ExternalServerSASL();
+ externalServerSASL.setPrincipal(principal);
+ result = externalServerSASL;
+ } else {
+ logger.debug("SASL EXTERNAL mechanism requires a TLS
peer principal");
--- End diff --
that is fair. there is currently not much logic around what mechanisms are
supported, if a list is configured it is returned to the client.
The result of returning null here fails at
https://github.com/apache/activemq-artemis/pull/1961/files/c2869ca6598b7d17a56aee451daebfb7cb01fa0b#diff-f80f5c57a928d9c39f6dd7f7ea8028dfR316
> Support SASL EXTERNAL
> ---------------------
>
> Key: ARTEMIS-1758
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1758
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: AMQP
> Affects Versions: 2.5.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Fix For: 2.6.0
>
>
> Add support for SASL EXTERNAL
> https://tools.ietf.org/html/rfc4422#appendix-A
> Peer principal from TLS client cert is used as the client identity on the
> broker.
> The identity is mapped to a broker user and role via the
> TextFileCertificateLoginModule
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
