Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-5905

ActiveMQArtemisSecurity - KeyCloak loginmodule is missing if bearerToken type keycloakLoginModules is chosen

    XMLWordPrintable

Details

    Description

      Artemis sessions will want to verify there is a valid Artemis UserPrincipal such that it can verify authentication and potentially populate a message header. The PrincipalConversionLoginModule does the necessary transformation on the first KeycloakPrincipal it encounters. 

      activemq {

    org.keycloak.adapters.jaas.BearerTokenLoginModule optional
        debug=true
        keycloak-config-file="${artemis.instance}/etc/keycloak-bearer-token.json"
        role-principal-class=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
##is missing
    org.apache.activemq.artemis.spi.core.security.jaas.PrincipalConversionLoginModule optional
        debug=true
        principalClassList=org.keycloak.KeycloakPrincipal;
##is missing
};

      This loginmodule is missing if bearerToken type keycloakLoginModules is chosen.

      spec:
  loginModules:
    keycloakLoginModules:
      - configuration:
          authServerUrl: 'http://localhost:8080/auth'
        moduleType: bearerToken
        name: kcmodule

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Activity

            People

              gaohoward Howard Gao
              rhn-support-aboucham Abel Bouchama
              Mikhail Krutov Mikhail Krutov
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: