[jira] [Commented] (NIFI-3193) Update ConsumeAMQP and PublishAMQP to retrieve username from certificate common name

Tue, 13 Dec 2016 13:08:02 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-3193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15746269#comment-15746269
 ] 

Brian commented on NIFI-3193:
-----------------------------

Here are the details of the RabbitMQ instance I used to test NiFi:
* RabbitMQ 3.5.4 
* Erlang 18.0 
* rabbitmq_auth_mechanism_ssl plugin enabled 
* Base OS is RHEL 6.5

Here is the RabbitMQ.config file:
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {loopback_users, []},
     {auth_mechanisms, ['EXTERNAL']},
     {ssl_options, [{cacertfile,"/home/data/openssl/brian_testca/cacert.pem"},
                    {certfile,"/home/data/openssl/brian_server/cert.pem"},
                    {keyfile,"/home/data/openssl/brian_server/key.pem"},
                    {verify,verify_peer},
                    {versions, ['tlsv1.2']},
                    {password,  "MySecretPassword"},
                    {verify,verify_peer},
                    {ssl_cert_login_from, common_name},
                    {fail_if_no_peer_cert,true}]}
   ]}
].

Notes: In the auth_mechanisms I've only got EXTERNAL becuase there is no need 
to user PLAIN username and password as the username should be being pulled out 
of the certificate common name. In the RabbitMQ admin section the client CN 
name needs to be added as a user but with the setting of "No Password"


> Update ConsumeAMQP and PublishAMQP to retrieve username from certificate 
> common name
> ------------------------------------------------------------------------------------
>
>                 Key: NIFI-3193
>                 URL: https://issues.apache.org/jira/browse/NIFI-3193
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Extensions
>    Affects Versions: 1.0.0, 1.1.0, 0.7.1
>            Reporter: Brian
>
> At the moment the NiFi AMQP processors can establish a SSL connection to 
> RabbitMQ but still user a user defined username and password to authenticate. 
> When using certificates RabbitMQ allows you to use to COMMON_NAME from the 
> certificate to authenticate instead of providing a username and password. 
> Unfortunately the NiFi processors do not support this so I would like to 
> request an update to the processors to enable this functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to