2

I am facing issue while connecting IBM app connect to kafka through SASL connection using OAUTHBEARER. Below are the property provided by the kafka team.

ssl.truststore.location=/abc/config/kafka/ssl/client.truststore.jks
ssl.truststore.password=changeme
sasl.server.callback.handler.class=aero.sita.bordermanagement.eventbus.authentication.ClientAuthenticateCallbackHandler
sasl.mechanism=OAUTHBEARER
sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required sasl.oauthbearer.token.endpoint.url="https://testserver:443/openam/oauth2/realms/root/realms/ptd-portal-security/access_token" oauth.token.grant.type="password" client.id="servicesSecurityClient" client.secret="abc@1234" username="SITRISKASSESSMENTSYSTEMUSER" password="abc@1234";

I am getting below error,

 Caused by: javax.security.auth.login.LoginException: An internal error occurred while retrieving token from callback handler
2022-06-13 19:49:27.335     59  at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.identifyToken(OAuthBearerLoginModule.java:319)
2022-06-13 19:49:27.335     59  at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.login(OAuthBearerLoginModule.java:301)
2022-06-13 19:49:27.336     59  at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
2022-06-13 19:49:27.336     59  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
2022-06-13 19:49:27.336     59  at java.lang.reflect.Method.invoke(Method.java:508)
2022-06-13 19:49:27.336     59  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
2022-06-13 19:49:27.336     59  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
2022-06-13 19:49:27.336     59  at javax.security.auth.login.LoginContext$5.run(LoginContext.java:721)
2022-06-13 19:49:27.336     59  at javax.security.auth.login.LoginContext$5.run(LoginContext.java:719)
2022-06-13 19:49:27.336     59  at java.security.AccessController.doPrivileged(AccessController.java:770)
2022-06-13 19:49:27.336     59  at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:719)
2022-06-13 19:49:27.336     59  at javax.security.auth.login.LoginContext.login(LoginContext.java:593)
2022-06-13 19:49:27.336     59  at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204)
2022-06-13 19:49:27.336     59  at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150)
2022-06-13 19:49:27.337     59  at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62)
2022-06-13 19:49:27.337     59  at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105)
2022-06-13 19:49:27.337     59  at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158)
JoshMc
  • 10,239
  • 2
  • 19
  • 38
Gopinath Ravi
  • 21
  • 3
  • Did you resolve the problem? I'm getting similar one on Kafka 3.3.1 with SASL_PLAINTEXT and OAUTHBEARER OIDC - not sure how to debug further... – Hlib Pylypets Jan 25 '23 at 14:17

0 Answers0