[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17644754#comment-17644754 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit bd72a4f38dbd3dbbeb6079977e8c9680bd24e00f in activemq-artemis's branch refs/heads/main from Gary Tully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=bd72a4f38d ] ARTEMIS-3168 - more idomatic usage of mock-server-netty - with hasStarted > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642628#comment-17642628 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit 0004e523558f5618e99487ab7da26bd357aecb45 in activemq-artemis's branch refs/heads/main from Gary Tully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=0004e52355 ] ARTEMIS-3168 - isolate from leaked login.config system property by seting baseDir option > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642553#comment-17642553 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit d95321bf83f2cbeff72653bdaee1a025b6aa890d in activemq-artemis's branch refs/heads/main from Gary Tully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=d95321bf83 ] ARTEMIS-3168 - fix contention on pem creation and tidy up system properties > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642498#comment-17642498 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit 5633de9cb0e0b4c35cf453eac4bef52232039517 in activemq-artemis's branch refs/heads/main from Gary Tully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=5633de9cb0 ] ARTEMIS-3168 - fix test dependency on login.config system property being set > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17638727#comment-17638727 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit 7d537882ca4f2a00cc1cd081b256872c77e4604f in activemq-artemis's branch refs/heads/main from Gary Tully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=7d537882ca ] ARTEMIS-3168 - fix test, ref to auto created pem before creation complete > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637211#comment-17637211 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit 3e50014e0de9387fedfed942d51ae0264385f417 in activemq-artemis's branch refs/heads/main from ruromero [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=3e50014e0d ] [ARTEMIS-3168] Implement Kubernetes JaaS LoginModule Signed-off-by: ruromero > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[
https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17319103#comment-17319103
]
Federico Valeri commented on ARTEMIS-3168:
--
Hi [~gtully] , thanks for this example. I just tried it with [main branch
here|https://github.com/fvaleri/artemis-keycloak-demo] and I only had to do a
couple of changes:
- Remove the square brackets at the start and end of
{{artemis-keycloak-demo-realm.json}}
- Copy the exact version of keycloak dependencies into the {{instance/lib}}
folder
Maybe we could add these steps to the example's readme. I would also like to
see all required Keycloak configuration steps with a short description.
> JAAS login module to convert existing Principal to an Artemis UserPrincipal
> ---
>
> Key: ARTEMIS-3168
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3168
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Components: JAAS
>Affects Versions: 2.17.0
>Reporter: Gary Tully
>Assignee: Gary Tully
>Priority: Minor
> Fix For: 2.18.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Artemis verifies that an authenticated subject always has an Artemis
> UserPrincipal which makes sense. All of the existing login modules produce
> UserPrincipals. However login modules are plugable and varied. Some allow
> some control of the role principal classes that they support but are less
> likely to allow the Principal classes to be replaced.
> For the hawtio console for example, the configurable RolePrincipal classes
> allow both karaf and Artemis to co-exist and share role names. They can also
> agree on the UserPrincipal class. However in chaining login modules where
> there is not agreement on the UserPrincipal, it is useful to be able to
> convert to the Artemis expected format at the end of the login process.
> A simple PrincipalConversionLoginModule configured with the list of class
> names to match against, would suffice here. A known validated XPrincipal(Bob)
> can then appear in Artemis as UserPrincipal(Bob) without prior agreement,
> making any login module a candidate for inclusion in the Artemis
> login.config.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17306937#comment-17306937 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit d71d54b38a36109d5a06d536e9895d43f78752d9 in activemq-artemis's branch refs/heads/master from gtully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=d71d54b ] ARTEMIS-3168 - add example using authentication delegation to keycloak, principal conversion for jms clients and oath for the web cosole > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal
[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17306936#comment-17306936 ] ASF subversion and git services commented on ARTEMIS-3168: -- Commit 06461f146c328c3374a17315d423a4e57b6055ab in activemq-artemis's branch refs/heads/master from gtully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=06461f1 ] ARTEMIS-3168 - add PrincipalConversionLoginModule feature > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS >Affects Versions: 2.17.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.3.4#803005)
