I'm not sure it would make sense for the PLAIN mechanism to handle SSL certificates since it's only supposed to handle clear text username & password by definition [1]. If you wanted to authenticate via SSL certs via SASL then Artemis would need to implement a SASL mechanism specifically to support that, although I'm not aware of any standard for such a mechanism.
One option you might consider is using 2-way SSL and configuring the broker to only trust the certificates of the clients you want to be able to connect. Justin [1] https://tools.ietf.org/html/rfc4616 On Tue, Aug 22, 2017 at 9:23 AM, adagys <andrius.da...@r3.com> wrote: > We have a custom login module that uses client certificates for > authentication (similar to CertificateLoginModule), but that doesn't seem > to > support AMQP clients. > > Looks like SASL PLAIN doesn't properly map to the Artemis' JAAS > implementation (doesn't propagate the connection so certificates can't be > retrieved): > https://github.com/apache/activemq-artemis/blob/ > c54a26da3ca3696e5b98a31cd6983255441d235c/artemis-protocols/ > artemis-amqp-protocol/src/main/java/org/apache/activemq/ > artemis/protocol/amqp/sasl/PlainSASL.java#L33 > <https://github.com/apache/activemq-artemis/blob/ > c54a26da3ca3696e5b98a31cd6983255441d235c/artemis-protocols/ > artemis-amqp-protocol/src/main/java/org/apache/activemq/ > artemis/protocol/amqp/sasl/PlainSASL.java#L33> > > Do you have any suggestions for workarounds? > > Thanks > > > > -- > View this message in context: http://activemq.2283324.n4. > nabble.com/Artemis-client-certificate-authentication- > via-AMQP-tp4729894.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. >
