I figured this out issue - it is due to missing serialization/deserialization logic for the custom principal
Regards, Nanda -----Original Message----- From: Nanda Naga <nandan...@microsoft.com.INVALID> Sent: Friday, June 6, 2025 1:19 PM To: users@kafka.apache.org Subject: [EXTERNAL] Kraft mode - Authz errors while doing alterconfig via admin client [You don't often get email from nandan...@microsoft.com.invalid. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] In broker server properties and controller server properties, I have setup the custom principal builder class name and custom acl authorizer (extends standard authorizer) class name properly The normal produce/ consumes that the topic has acls works fine though using the custom principal and custom acl authorizer. It works when it is inter controller auth calls But when requests sent via admin client (using command prompt calls) or via code that uses admin client, I see default principal being passed (KafkaPrincipal) instead of my custom principal from broker to controller. Anything I miss here? If you need any more details, I can share Regards, Nanda
