Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-1982

_AMQ_User = null, when connection is authenticated via TextFileCertificateLoginModule

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Major
    • None
    • AMQ 7.2.0.GA
    • broker-core
    • None
    • Release Notes
    • Hide
      Cause:
      The _AMQ_User property on the notification message generated when a new consumer is created on the broker is null when the broker is configured to authenticate users via their SSL certificate because there is no actual username submitted when creating the consumer since the SSL certificate is used for authentication.

      Consequence:
      Potentially important audit information is not provided in the CONSUMER_CREATED notification message.

      Fix:
      Include the validated username as well as SSL certificate information in the notification message.

      Result:
      All relevant audit information should be present in the notification message.
      Show
      Cause: The _AMQ_User property on the notification message generated when a new consumer is created on the broker is null when the broker is configured to authenticate users via their SSL certificate because there is no actual username submitted when creating the consumer since the SSL certificate is used for authentication. Consequence: Potentially important audit information is not provided in the CONSUMER_CREATED notification message. Fix: Include the validated username as well as SSL certificate information in the notification message. Result: All relevant audit information should be present in the notification message.
    • AMQ Broker 1839, AMQ Broker 1842, AMQ Broker 1845, AMQ Broker 1848, AMQ Broker 0219, AMQ Broker 0519, AMQ Sprint 3219

    Description

      _AMQ_User = null, when connection is authenticated via TextFileCertificateLoginModule

      The issue can be replicated using the example configuration "ssl-enabled-dual-authentication" and "management-notifications".

      _AMQ_User is set to null while using the certificate to authenticate.

      Received notification:
  _AMQ_Address: exampleQueue
  _AMQ_NotifType: CONSUMER_CREATED
  _AMQ_RoutingName: exampleQueue
  _AMQ_NotifTimestamp: 1537152205334
  JMSXDeliveryCount: 1
  _AMQ_SessionName: 731b711a-ba23-11e8-928d-68f72828e01c
  _AMQ_ClusterName: exampleQueuef6c05ece-b94e-11e8-a626-e8b1fcafa0d2
  _AMQ_User: null
  _AMQ_ConsumerCount: 1
  _AMQ_RemoteAddress: /127.0.0.1:59984
  _AMQ_Distance: 0

      Attachments

        Activity

          People

            rhn-support-jbertram Justin Bertram
            rhn-support-shsingh Shailendra Singh
            Oleg Sushchenko Oleg Sushchenko
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 1 hour
                1h
                Remaining:
                Remaining Estimate - 1 hour
                1h
                Logged:
                Time Spent - Not Specified
                Not Specified