Kafka SASL Authentication mechanism using OAuthBearer?

Question

Can anyone help me to write JAAS conf files and Handler classes for Authentication using SASL/OAUTHBEARER?

And also what is the meaning of this option in JAAS file which is configured in kafka documentation?

unsecuredLoginStringClaim_sub="admin";

score 1 · Answer 1 · edited Jan 04 '19 at 13:01

For SASL/OAUTHBEARER the JAAS config file will be, at least:

KafkaServer {
   org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;
};

Other params will be used by your implementation of the interface AuthenticateCallbackHandler that can receive other parameters like your OAuth server host, grant type or other information that you need to do the login flow. The option unsecuredLoginStringClaim_sub="admin" is one of these parameters.

If you need to setup and test a Kafka broker with this SASL mechanism, you can see this article. https://medium.com/@jairsjunior/how-to-setup-oauth2-mechanism-to-a-kafka-broker-e42e72839fe

score 0 · Answer 2 · edited Mar 08 '19 at 17:38

0

See the Javadoc at https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/OAuthBearerLoginModule.java for an explanation of unsecuredLoginStringClaim_sub="admin" -- that is an option that is recognized by the default unsecured callback handlers you get out-of-the-box.

edited Mar 08 '19 at 17:38

double-beep

5,031
17
33
41

answered Mar 08 '19 at 17:35

rndgstn

321
2
7

Kafka SASL Authentication mechanism using OAuthBearer?

2 Answers2