Uploaded image for project: 'ActiveMQ Artemis'
  1. ActiveMQ Artemis
  2. ARTEMIS-2433

Support LDAP role mapping of SASL EXTERNAL credentials

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.9.0
    • 2.10.0
    • AMQP, Broker

    Description

      currently the textcertificate login module must be used with SASL EXTERNAL. There is no other way to do authorisation and role assignment.
      however a validated TLS certificate subject dn is a valid identity, in the same way as a kerberos token identity. If we provide a login module that will populate a subject principal with the subject DN, it will be possible to chain with the LDAPLoginModule and have LDAP used for role assignment. In LDAP, the CERT subjectDN just needs to be added as a member to any existing role definition.
      LDAPLoginModule can be configured to not authenticate, not lookup the user and just do role assignment.

      authenticateUser=false and default/empty userSearchMatching

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            gtully Gary Tully
            gtully Gary Tully
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h

                Issue deployment