[ https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411520#comment-16411520 ]
ASF GitHub Bot commented on ARTEMIS-1758: ----------------------------------------- Github user gtully commented on a diff in the pull request: https://github.com/apache/activemq-artemis/pull/1961#discussion_r176762803 --- Diff: artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPConnectionCallback.java --- @@ -113,7 +116,20 @@ public ServerSASL getServerSASL(final String mechanism) { result = gssapiServerSASL; break; + case ExternalServerSASL.NAME: + // validate ssl cert present + Principal principal = CertificateUtil.getPeerPrincipalFromConnection(protonConnectionDelegate); + if (principal != null) { + ExternalServerSASL externalServerSASL = new ExternalServerSASL(); + externalServerSASL.setPrincipal(principal); + result = externalServerSASL; + } else { + logger.debug("SASL EXTERNAL mechanism requires a TLS peer principal"); --- End diff -- that is fair. there is currently not much logic around what mechanisms are supported, if a list is configured it is returned to the client. The result of returning null here fails at https://github.com/apache/activemq-artemis/pull/1961/files/c2869ca6598b7d17a56aee451daebfb7cb01fa0b#diff-f80f5c57a928d9c39f6dd7f7ea8028dfR316 > Support SASL EXTERNAL > --------------------- > > Key: ARTEMIS-1758 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1758 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: AMQP > Affects Versions: 2.5.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Major > Fix For: 2.6.0 > > > Add support for SASL EXTERNAL > https://tools.ietf.org/html/rfc4422#appendix-A > Peer principal from TLS client cert is used as the client identity on the > broker. > The identity is mapped to a broker user and role via the > TextFileCertificateLoginModule -- This message was sent by Atlassian JIRA (v7.6.3#76005)
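Review bot: In the else branch of the new `ExternalServerSASL.NAME` case in `getServerSASL`, the missing-principal path is reported only through `logger.debug`, so a client that selects EXTERNAL without a TLS client certificate leaves no trace unless debug logging is enabled. Since this is an authentication failure, consider logging it at a level operators will see, with enough connection context to identify the peer. Two smaller points on the same case: the `// validate ssl cert present` comment overstates what the code checks, because `principal != null` only shows that the connection exposes a peer principal and nothing in these lines shows that the certificate chain was verified, so the comment or the documentation should state that EXTERNAL depends on the acceptor requiring and verifying client certificates. Also, `Principal principal` is declared directly under the case label, which puts it in scope for the rest of the switch; wrapping the case body in braces keeps it local. As the reply notes, a configured mechanism list is returned to the client as is, so EXTERNAL can still be offered on connections that cannot satisfy it; filtering the advertised list on the presence of a peer principal would avoid the later failure on a null result.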