[jira] [Commented] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal

Mon, 12 Apr 2021 00:31:22 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319103#comment-17319103
 ] 

Federico Valeri commented on ARTEMIS-3168:
------------------------------------------

Hi [~gtully] , thanks for this example. I just tried it with [main branch 
here|https://github.com/fvaleri/artemis-keycloak-demo] and I only had to do a 
couple of changes:

 - Remove the square brackets at the start and end of 
{{artemis-keycloak-demo-realm.json}}
 - Copy the exact version of keycloak dependencies into the {{instance/lib}} 
folder

Maybe we could add these steps to the example's readme. I would also like to 
see all required Keycloak configuration steps with a short description.

> JAAS login module to convert existing Principal to an Artemis UserPrincipal
> ---------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3168
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3168
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: JAAS
>    Affects Versions: 2.17.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Minor
>             Fix For: 2.18.0
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> Artemis verifies that an authenticated subject always has an Artemis 
> UserPrincipal which makes sense. All of the existing login modules produce 
> UserPrincipals. However login modules are plugable and varied. Some allow 
> some control of the role principal classes that they support but are less 
> likely to allow the Principal classes to be replaced. 
> For the hawtio console for example, the configurable RolePrincipal classes 
> allow both karaf and Artemis to co-exist and share role names. They can also 
> agree on the UserPrincipal class. However in chaining login modules where 
> there is not agreement on the UserPrincipal, it is useful to be able to 
> convert to the Artemis expected format at the end of the login process.
> A simple PrincipalConversionLoginModule configured with the list of class 
> names to match against, would suffice here. A known validated XPrincipal(Bob) 
> can then appear in Artemis as UserPrincipal(Bob) without prior agreement, 
> making any login module a candidate for inclusion in the Artemis 
> login.config. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to