hariprasad-SAP opened a new pull request, #48: URL: https://github.com/apache/qpid-jms/pull/48
[RFC](https://datatracker.ietf.org/doc/html/rfc4422#appendix-A.1) SASL External mechanism is capable of transferring an authorization identity string. The client sends the initial response to the intial challenge by the server. It can be empty or non-empty. Response is non-empty when the client is requesting to act as the identity represented by the (non-empty) string which is UTF-8 encoding of the requested authorization identity string. It is empty when the client is requesting to act as the identity the server associated with its authentication credentials ### Why Apache qpid-jms doesn't support identity string? The SASL External mechanism is configured in this class (ExternalMechanism.java) of Apache qpid-jms. We can notice that the initial response is configured in Line 28. It is always set to EMPTY (empty byte array defined here) and cannot be configured to a custom string that we can use as identity string. Hence this library is NOT RFC compliant If we have to pass the authorization identity string to the server then we must configure the initial response of that client. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
