I need to create a custom JAAS module for authentication but I need to pass client certificate credentials as the principal. SASL_SSL mode has support for a JAAS module but from looking at the source code there doesn't appear to be a way to pass SSL client credentials to the module. The only callback handlers are for username/password and for kerberos. However, the SSL mode can extract a principal from the client certificate but when using SSL without SASL there appears to be no way to plug in a JAAS module.
So it seems that I am looking for kind of a combination of SSL and SASL_SSL modes. Is there anyway to configure out the box what I am trying to do or is this going to require a code change? I can work on a pull request if necessary.