Hi Brandt, The username is used as the principal for SALS/PLAIN. Check *sals.jaas.config* value at the client's configuration file.
Let me know if I haven't understood you correctly. Best regards Dave Newton, Brandt (CAI - Burlington) <brandt.new...@coxautoinc.com> schrieb am Mo., 20. Apr. 2020, 21:30: > Hi All, > > I’d like to determine the principal of the credentials that were used to > authenticate so I can check that the principal’s ACLs. > > I’m using the Kafka client libraries (NetworkClient specifically but > that’s not a requirement) to connect to a Kafka cluster using the SASL_SSL > security protocol and PLAIN mechanism. I only provide the password in > sasl.jaas.config and I’m able to successfully authenticate with Kafka and > make requests. > > Is there a way to get the principal? I can see the principal if I perform > an unauthorized action*, but I believe this comes from the server. > > Thanks, > Brandt > > > *Principal is visible in TentantMetaData user=principal of the not > authorized message: > > Request Request(processor=8, connectionId=XXXX, > session=Session(MultiTenantPrincipal(tenantMetadata=TenantMetadata(tenantName='XXXX', > clusterId='XXX', allowDescribeBrokerConfigs=false, isSuperUser=false), > user=12345),ip-XXXX), listenerName=ListenerName(EXTERNAL), > securityProtocol=SASL_SSL, buffer=null) is not authorized. > > >