[ https://issues.apache.org/jira/browse/KAFKA-13859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17530796#comment-17530796 ]
Oliver Payne commented on KAFKA-13859: -------------------------------------- Sorry for the late response. I see that this has already been marked resolved, but wanted to answer the questions I left hanging here. [~dengziming] The following exception is coming from the client logs: {code:java} org.springframework.kafka.core.KafkaProducerException: Failed to send; nested exception is org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster authorization failed. at org.springframework.kafka.core.KafkaTemplate.lambda$buildCallback$6(KafkaTemplate.java:690) ~[spring-kafka-2.8.5.jar:2.8.5] at org.springframework.kafka.core.DefaultKafkaProducerFactory$CloseSafeProducer$1.onCompletion(DefaultKafkaProducerFactory.java:1001) ~[spring-kafka-2.8.5.jar:2.8.5] at org.apache.kafka.clients.producer.KafkaProducer$InterceptorCallback.onCompletion(KafkaProducer.java:1350) ~[kafka-clients-3.0.1.jar:na] at org.apache.kafka.clients.producer.internals.ProducerBatch.completeFutureAndFireCallbacks(ProducerBatch.java:273) ~[kafka-clients-3.0.1.jar:na] at org.apache.kafka.clients.producer.internals.ProducerBatch.abort(ProducerBatch.java:161) ~[kafka-clients-3.0.1.jar:na] at org.apache.kafka.clients.producer.internals.RecordAccumulator.abortBatches(RecordAccumulator.java:773) ~[kafka-clients-3.0.1.jar:na] at org.apache.kafka.clients.producer.internals.Sender.maybeAbortBatches(Sender.java:498) ~[kafka-clients-3.0.1.jar:na] at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:307) ~[kafka-clients-3.0.1.jar:na] at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:243) ~[kafka-clients-3.0.1.jar:na] at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na] Caused by: org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster authorization failed. {code} Our broker version is 2.6.2 Here are our producer configs: {code:java} "security.protocol" -> "SASL_SSL""value.serializer" -> "org.apache.kafka.common.serialization.StringSerializer""sasl.mechanism" -> "SCRAM-SHA-512""sasl.jaas.config" -> "org.apache.kafka.common.security.scram.ScramLoginModule required username="redacted" password="redacted";""bootstrap.servers" -> "server-name-redacted1:9096, server-name-redacted2:9096, server-name-redacted3:9096""key.serializer" -> "org.apache.kafka.common.serialization.StringSerializer""ssl.endpoint.identification.algorithm" -> "https" {code} I also added the enable.idempotence = false per your recommendation, and it seemed to resolve the issue. Thanks for the suggestion > SCRAM authentication issues with kafka-clients 3.0.1 > ---------------------------------------------------- > > Key: KAFKA-13859 > URL: https://issues.apache.org/jira/browse/KAFKA-13859 > Project: Kafka > Issue Type: Bug > Components: clients > Affects Versions: 3.0.1 > Reporter: Oliver Payne > Assignee: dengziming > Priority: Major > > When attempting to produce records to Kafka using a client configured with > SCRAM authentication, the authentication is being rejected, and the following > exception is thrown: > {{org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster > authorization failed.}} > I am seeing this happen with a Springboot service that was recently upgraded > to 2.6.5. After looking into this, I learned that Springboot moved to > kafka-clients 3.0.1 from 3.0.0 in that version. And sure enough, downgrading > to kafka-clients resolved the issue, with no changes made to the configs. > I have also attempted to connect to a separate server with kafka-clients > 3.0.1, using plaintext authentication. That works fine. So the issue appears > to be with SCRAM authentication. > I will note that I am attempting to connect to an AWS MSK instance. We use > SCRAM-SHA-512 as our sasl mechanism, using the basic {{ScramLoginModule.}} -- This message was sent by Atlassian Jira (v8.20.7#820007)