Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-428

Implement SASL external

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Major Major
    • AMQ 7.2.0.GA
    • None
    • security
    • None
    • Add support for SASL External
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Done
    • 0% To Do, 0% In Progress, 100% Done
    • Hide
      AMQ Broker can now validate AMQP connections by using the identity of the connection's SSL certificate rather than using traditional credentials such as a username and password. This benefits deployments where secure access is managed through SSL certificates. This is implemented through the SASL EXTERNAL mechanism support.
      Show
      AMQ Broker can now validate AMQP connections by using the identity of the connection's SSL certificate rather than using traditional credentials such as a username and password. This benefits deployments where secure access is managed through SSL certificates. This is implemented through the SASL EXTERNAL mechanism support.
    • Documented as Feature Request
    • AMQ Broker 7.1 Sprint 1

      User Story:
      As an operator, since I have an access control infrastructure based on SSL certificates I want my AMQP clients to be able to authenticate their connections to the broker via their certificate rather than username and password credentials.

      TLS is setup to require client authentication such that the TLS handshake will only succeed when the server receives a valid client certificate.
      When SASL EXTERNAL mechanism is chosen, then the client identity is taken from the validated SSL certificate.

      The mapping of the client identity from the CN of the certificate to an Artemis user is completed via the Certificate LoginModule.

              gtully@redhat.com Gary Tully
              gtully@redhat.com Gary Tully
              Roman Vais Roman Vais (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: