[ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17306937#comment-17306937 ]
ASF subversion and git services commented on ARTEMIS-3168: ---------------------------------------------------------- Commit d71d54b38a36109d5a06d536e9895d43f78752d9 in activemq-artemis's branch refs/heads/master from gtully [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=d71d54b ] ARTEMIS-3168 - add example using authentication delegation to keycloak, principal conversion for jms clients and oath for the web cosole > JAAS login module to convert existing Principal to an Artemis UserPrincipal > --------------------------------------------------------------------------- > > Key: ARTEMIS-3168 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3168 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: JAAS > Affects Versions: 2.17.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Minor > Fix For: 2.18.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Artemis verifies that an authenticated subject always has an Artemis > UserPrincipal which makes sense. All of the existing login modules produce > UserPrincipals. However login modules are plugable and varied. Some allow > some control of the role principal classes that they support but are less > likely to allow the Principal classes to be replaced. > For the hawtio console for example, the configurable RolePrincipal classes > allow both karaf and Artemis to co-exist and share role names. They can also > agree on the UserPrincipal class. However in chaining login modules where > there is not agreement on the UserPrincipal, it is useful to be able to > convert to the Artemis expected format at the end of the login process. > A simple PrincipalConversionLoginModule configured with the list of class > names to match against, would suffice here. A known validated XPrincipal(Bob) > can then appear in Artemis as UserPrincipal(Bob) without prior agreement, > making any login module a candidate for inclusion in the Artemis > login.config. -- This message was sent by Atlassian Jira (v8.3.4#803005)