Uploaded image for project: 'A-MQ Broker'
  1. A-MQ Broker
  2. ENTMQBR-428

Implement SASL external

    XMLWordPrintable

    Details

    • Type: Epic
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: AMQ 7.2.0.GA
    • Component/s: security
    • Labels:
      None
    • Epic Name:
      Add support for SASL External
    • Target Release:
    • Epic Status:
      Done
    • Sprint:
      AMQ Broker 7.1 Sprint 1
    • Affects:
      Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Release Notes Text:
      Hide
      AMQ Broker can now validate AMQP connections by using the identity of the connection's SSL certificate rather than using traditional credentials such as a username and password. This benefits deployments where secure access is managed through SSL certificates. This is implemented through the SASL EXTERNAL mechanism support.
      Show
      AMQ Broker can now validate AMQP connections by using the identity of the connection's SSL certificate rather than using traditional credentials such as a username and password. This benefits deployments where secure access is managed through SSL certificates. This is implemented through the SASL EXTERNAL mechanism support.
    • Release Notes Docs Status:
      Documented as Feature Request

      Description

      User Story:
      As an operator, since I have an access control infrastructure based on SSL certificates I want my AMQP clients to be able to authenticate their connections to the broker via their certificate rather than username and password credentials.

      TLS is setup to require client authentication such that the TLS handshake will only succeed when the server receives a valid client certificate.
      When SASL EXTERNAL mechanism is chosen, then the client identity is taken from the validated SSL certificate.

      The mapping of the client identity from the CN of the certificate to an Artemis user is completed via the Certificate LoginModule.

        Gliffy Diagrams

          Attachments

            Issue Links

            is related to

            Enhancement - An enhancement or refactoring of existing functionality AMQDOC-2715 REQ: Document SASL External implementation

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

            ARTEMIS-1758 Loading...

              Activity

                People

                • Assignee:
                  garytully Gary Tully
                  Reporter:
                  garytully Gary Tully
                  Tester:
                  Roman Vais
                • Votes:
                  2 Vote for this issue
                  Watchers:
                  11 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: