You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2019/08/07 05:45:00 UTC
[jira] [Updated] (AMQ-7230) Add support for regex based certificate
authentication
[ https://issues.apache.org/jira/browse/AMQ-7230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated AMQ-7230:
--------------------------------------
Component/s: Broker
> Add support for regex based certificate authentication
> ------------------------------------------------------
>
> Key: AMQ-7230
> URL: https://issues.apache.org/jira/browse/AMQ-7230
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Broker
> Reporter: Lionel Cons
> Assignee: Jean-Baptiste Onofré
> Priority: Minor
> Fix For: 5.16.0, 5.15.10
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The current certificate authentication module ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the case for instance when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org}}. It is impractical to generate all the possible DNs and feed this to ActiveMQ.
> It would be very useful to have regular expression based certificate authentication. With the example above, we could have a single line:
> {quote}acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/{quote}
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)