For what it's worth, the broker's SSL keystore & truststore can be modified and reloaded during runtime, and I think you could take the sender's DN and add it to the message with an AmqpInterceptor implementation. Aside from that you could implement the SASL External mechanism and send a PR. I'm not aware of any current plans to implement it.
Justin On Tue, Aug 22, 2017 at 11:39 AM, adagys <andrius.da...@r3.com> wrote: > Thanks, I had a look at SASL External before, but Artemis doesn't support > it > at the moment. Are there any plans for the future? > > Unfortunately, the 2-way SSL solution isn't sufficient for our use-case. > The > list of trusted clients is dynamic, and we want to be able to attach the > client certificate's DN to any message sent, so the sender can be reliably > identified. > > > > -- > View this message in context: http://activemq.2283324.n4. > nabble.com/Artemis-client-certificate-authentication- > via-AMQP-tp4729894p4729900.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. >
