[ https://issues.apache.org/jira/browse/ARTEMIS-1758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411297#comment-16411297 ]
Robbie Gemmell commented on ARTEMIS-1758:
-----------------------------------------
{quote}SASL EXTERNAL will only work with an empty response from the client. If
an identity is specified (a non-empty response) authentication will fail.
This is because the cert login module maps directly the identity from the TLS
peer certificate.{quote}
That might cause problems with some clients.
Also, if they do give an identity, it seems like it really shouldn't fail if
that actually matches the broker's mapping.
> Support SASL EXTERNAL
> ---------------------
>
> Key: ARTEMIS-1758
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1758
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: AMQP
> Affects Versions: 2.5.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Fix For: 2.6.0
>
>
> Add support for SASL EXTERNAL
> https://tools.ietf.org/html/rfc4422#appendix-A
> Peer principal from TLS client cert is used as the client identity on the
> broker.
> The identity is mapped to a broker user and role via the
> TextFileCertificateLoginModule
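The two behaviours discussed in the comment above, as an added example that is not part of the original message and is not Artemis code: a server-side check of the SASL EXTERNAL initial response (RFC 4422 Appendix A) that either rejects every non-empty response or accepts one that matches the identity derived from the TLS client certificate. The names `CERT_USERS`, `evaluate_external` and `allow_matching_authzid` are hypothetical, the mapping is constructed sample data, and comparing the requested identity to the mapped broker user name by exact string match is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample mapping (broker user -> certificate subject DN).
# Assumption: stands in for whatever certificate-to-user mapping the broker holds.
CERT_USERS = {
    "orders-svc": "CN=orders,OU=apps,O=Example",
    "billing-svc": "CN=billing,OU=apps,O=Example",
}

@dataclass(frozen=True)
class Outcome:
    ok: bool
    user: Optional[str]
    reason: str

def user_for_dn(peer_dn: str) -> Optional[str]:
    """Return the broker user mapped to this certificate DN, if any."""
    for user, dn in CERT_USERS.items():
        if dn == peer_dn:
            return user
    return None

def evaluate_external(initial_response: bytes, peer_dn: Optional[str],
                      allow_matching_authzid: bool) -> Outcome:
    """Decide a SASL EXTERNAL exchange from the client's initial response."""
    # EXTERNAL carries no credentials; identity comes only from the TLS layer.
    if peer_dn is None:
        return Outcome(False, None, "no TLS client certificate")
    user = user_for_dn(peer_dn)
    if user is None:
        return Outcome(False, None, "certificate not mapped to a user")
    # Empty response: client asks for the identity derived from its certificate.
    if initial_response == b"":
        return Outcome(True, user, "identity derived from certificate")
    # Strict mode: any requested identity fails, even a correct one.
    if not allow_matching_authzid:
        return Outcome(False, None, "non-empty response rejected")
    # RFC 4422 Appendix A: the authorization identity is UTF-8 without NUL.
    try:
        authzid = initial_response.decode("utf-8")
    except UnicodeDecodeError:
        return Outcome(False, None, "authzid is not valid UTF-8")
    if "\x00" in authzid:
        return Outcome(False, None, "authzid contains NUL")
    # Never let the client pick an identity other than the certificate's own.
    if authzid != user:
        return Outcome(False, None, "authzid does not match certificate mapping")
    return Outcome(True, user, "authzid matches certificate mapping")
```
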