Details
-
Story
-
Resolution: Not a Bug
-
Major
-
None
-
AMQ 7.9.1.GA
-
None
-
False
-
False
Description
One of our customers requested an enhancement in login.config to allow the usage of environment variables in it:
LDAPLogin { org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required debug=true initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connectionURL="xxxxxx" connectionUsername=${myEnvVar1} connectionPassword=${myEnvVar2} connectionProtocol=s authentication=simple userBase="ou=system" userSearchMatching="(uid={0})" userSearchSubtree=false roleBase="ou=system" roleName=cn roleSearchMatching="(member=uid={1},ou=system)" roleSearchSubtree=false ; };
This would allow them to secure the AMQ Server in OpenShift environment with an external Identity Provider (CyberArk). As discussed in the Case (03092728) , a simple replacement (sed/awk) of the credentials during the build is not compatible with the rolling of secrets required for CyberArk authentication.