Rather than changing the model with all the extra work required to perform upgrades, etc... Would it make sense/be possible to simply define a new "composite authentication provider" which just contained an ordered list of other authentication providers which it would delegate to? This would seem to be potentially a much smaller change.
-- Rob On Thu, 23 Sept 2021 at 08:38, Daniil Kirilyuk <daniel.kiril...@gmail.com> wrote: > Hi Colleagues, > > We're using Apache Qpid Broker-J with SCRAM SHA authentication provider for > AMQP port and external (SSL client certificates) authentication provider > for AMQPS port. > > In the foreseeable future authentication mechanisms should be changed to > LDAP. But due to the large number of clients the migration of accounts to > LDAP will proceed over some (probably long) period of time. > > Requirement to us is to perform authentication either against the local > file-based database of users (for clients who don't have an LDAP migrated > account yet) or against LDAP (for clients already migrated). All clients > should access Broker-J via the same port. > > At the moment there is no possibility to assign more than one > authentication provider to the broker port. > > We were thinking about adding a possibility to configure for a broker port > an ordered list of authentication providers, which will authenticate > clients in the order defined till authentication success. Would such a > change be acceptable from the architectural point of view? Or should some > other approach be used to achieve our goal (authentication of the clients > against 2 or more different authentication providers on one broker port)? > > Thank you very much in advance. > > Kind regards, > Daniil Kirilyuk >
