[ 
https://issues.apache.org/jira/browse/KAFKA-14676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rajini Sivaram resolved KAFKA-14676.
------------------------------------
    Fix Version/s: 3.5.0
                   3.4.1
                   3.3.3
         Reviewer: Manikumar
       Resolution: Fixed

> Token endpoint URL used for OIDC cannot be set on the JAAS config
> -----------------------------------------------------------------
>
>                 Key: KAFKA-14676
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14676
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.1.2, 3.4.0, 3.2.3, 3.3.2
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 3.5.0, 3.4.1, 3.3.3
>
>
> Kafka allows multiple clients within a JVM to use different SASL 
> configurations by configuring the JAAS configuration in `sasl.jaas.config` 
> instead of the JVM-wide system property. For SASL login, we reuse logins 
> within a JVM by caching logins indexed by their sasl.jaas.config. This relies 
> on login configs being overridable using `sasl.jaas.config`. 
> KIP-768 
> (https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575)
> added support for OIDC for SASL/OAUTHBEARER. The token endpoint used to 
> acquire tokens can currently only be configured using the Kafka config 
> `sasl.oauthbearer.token.endpoint.url`. This prevents different clients within 
> a JVM from using different URLs. We need to either provide a way to override 
> the URL within `sasl.jaas.config` or include more of the client configs in 
> the LoginMetadata used as key for cached logins.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
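
The caching behaviour described in the issue, as an added example that is not part of the original message and is not Kafka's code: a simplified model of a JVM-wide login cache, showing two clients with the same `sasl.jaas.config` but different `sasl.oauthbearer.token.endpoint.url` values sharing one login, and the second remedy the issue proposes (a wider cache key). `LoginCacheModel`, `ClientConfig`, `Login`, `LoginCache`, the endpoint URLs and the credentials are all hypothetical; Java 16 or later is assumed for records.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

// Added illustration: a simplified model of a JVM-wide login cache, not Kafka's classes.
public class LoginCacheModel {
    // The two client settings the issue talks about (values below are constructed).
    record ClientConfig(String saslJaasConfig, String tokenEndpointUrl) {}

    // Stand-in for a cached login: remembers which endpoint it fetches tokens from.
    record Login(String tokenEndpointUrl) {}

    static final class LoginCache {
        private final Map<Object, Login> logins = new HashMap<>();
        private final Function<ClientConfig, Object> keyFn;

        LoginCache(Function<ClientConfig, Object> keyFn) { this.keyFn = keyFn; }

        // Reuse an existing login when the key matches, otherwise create one.
        Login acquire(ClientConfig c) {
            return logins.computeIfAbsent(keyFn.apply(c), k -> new Login(c.tokenEndpointUrl()));
        }
    }

    public static void main(String[] args) {
        // Constructed JAAS entry shared by both clients; the secret is a placeholder.
        String jaas = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required "
                + "clientId=\"app\" clientSecret=\"<placeholder>\";";
        ClientConfig a = new ClientConfig(jaas, "https://idp-a.example/token");
        ClientConfig b = new ClientConfig(jaas, "https://idp-b.example/token");

        // Behaviour described in the issue: the cache key is the JAAS config only,
        // so client B is handed the login that was created for client A's endpoint.
        LoginCache jaasOnly = new LoginCache(ClientConfig::saslJaasConfig);
        jaasOnly.acquire(a);
        System.out.println("JAAS-only key, client B uses: " + jaasOnly.acquire(b).tokenEndpointUrl());

        // Second option from the issue: include more of the client configs in the key,
        // so each client gets a login bound to its own endpoint.
        LoginCache widerKey = new LoginCache(c -> List.of(c.saslJaasConfig(), c.tokenEndpointUrl()));
        widerKey.acquire(a);
        System.out.println("Wider key, client B uses: " + widerKey.acquire(b).tokenEndpointUrl());
    }
}
```

In this model the first option from the issue, carrying the URL inside `sasl.jaas.config`, has the same effect as the wider key, because the two JAAS strings would then differ.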
