Hi Colleagues, We're using Apache Qpid Broker-J with SCRAM SHA authentication provider for AMQP port and external (SSL client certificates) authentication provider for AMQPS port.
In the foreseeable future authentication mechanisms should be changed to LDAP. But due to the large number of clients the migration of accounts to LDAP will proceed over some (probably long) period of time. Requirement to us is to perform authentication either against the local file-based database of users (for clients who don't have an LDAP migrated account yet) or against LDAP (for clients already migrated). All clients should access Broker-J via the same port. At the moment there is no possibility to assign more than one authentication provider to the broker port. We were thinking about adding a possibility to configure for a broker port an ordered list of authentication providers, which will authenticate clients in the order defined till authentication success. Would such a change be acceptable from the architectural point of view? Or should some other approach be used to achieve our goal (authentication of the clients against 2 or more different authentication providers on one broker port)? Thank you very much in advance. Kind regards, Daniil Kirilyuk
