You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by Antony Alphonse <an...@gmail.com> on 2020/04/08 04:37:09 UTC
Oauthbearer - Azure
Hi,
I'm looking to implement authentication using Oauthbearer mechanism in my
Kafka cluster. My Oauth server will be Azure AD. If anyone have implemented
similar setup on Azure and can share some tips on how to proceed?
Thanks
AA
Re: Oauthbearer - Azure
Posted by Marko Strukelj <ma...@gmail.com>.
Hello, you could give Strimzi Kafka OAuth [1] a try.
It's a Kafka add-on that plugs into SASL_OAUTHBEARER functionality.
On the server side it adds support for fast local JWT token validation using signature checks, and keys retrieved from your authorization server's JWKS endpoint. It also has Introspection endpoint support which allows you to pass the access token to the authorization server for validation.
On the client side it adds support for configuring client credentials using clientId and clientSecret, but you can also use a refresh token or a long-lived access token.
[1] https://github.com/strimzi/strimzi-kafka-oauth
- marko
On 2020/04/08 04:37:09, Antony Alphonse <an...@gmail.com> wrote:
> Hi,
>
> I'm looking to implement authentication using Oauthbearer mechanism in my
> Kafka cluster. My Oauth server will be Azure AD. If anyone have implemented
> similar setup on Azure and can share some tips on how to proceed?
>
> Thanks
> AA
>
Re: Oauthbearer - Azure
Posted by Antony Alphonse <an...@gmail.com>.
Thanks Marko. If we have other options I would like to explore them as well.
On Wed, Apr 8, 2020 at 9:14 AM Marko Strukelj <ma...@gmail.com>
wrote:
> Hello, you can give Strimzi Kafka OAuth [1] a try.
>
> It is an add-on for Kafka that plugs into the existing SASL_OAUTHBEARER
> authentication mechanism, providing fast JWT signature validation using
> your authorization server's JWKS endpoint, and the OAuth2 introspection
> endpoint based approach where you delegate the token validation to the
> authorization server.
>
> [1] https://github.com/strimzi/strimzi-kafka-oauth
>
> - marko
>
> On 2020/04/08 04:37:09, Antony Alphonse <an...@gmail.com> wrote:
> > Hi,
> >
> > I'm looking to implement authentication using Oauthbearer mechanism in my
> > Kafka cluster. My Oauth server will be Azure AD. If anyone have
> implemented
> > similar setup on Azure and can share some tips on how to proceed?
> >
> > Thanks
> > AA
> >
>
Re: Oauthbearer - Azure
Posted by Marko Strukelj <ma...@gmail.com>.
Hello, you can give Strimzi Kafka OAuth [1] a try.
It is an add-on for Kafka that plugs into the existing SASL_OAUTHBEARER authentication mechanism, providing fast JWT signature validation using your authorization server's JWKS endpoint, and the OAuth2 introspection endpoint based approach where you delegate the token validation to the authorization server.
[1] https://github.com/strimzi/strimzi-kafka-oauth
- marko
On 2020/04/08 04:37:09, Antony Alphonse <an...@gmail.com> wrote:
> Hi,
>
> I'm looking to implement authentication using Oauthbearer mechanism in my
> Kafka cluster. My Oauth server will be Azure AD. If anyone have implemented
> similar setup on Azure and can share some tips on how to proceed?
>
> Thanks
> AA
>