Learn how to configure client authentication using delegation tokens on an application
level.
With this configuration method, you can set up all clients within a JVM to use the same
delegation token for authentication.
- Add a KafkaClient entry with a login module item to your JAAS configuration
file.
The module has to specify the username
,
password
and tokenauth
options.
Example Configuration:
KafkaClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="tokenID"
password="lAYYSFmLs4bTjf+lTZ1LCHR/ZZFNA=="
tokenauth="true";
}
The username
and password
options specify the token
ID and token HMAC. The tokenauth
option expresses the intent to use
token authentication to the server.
-
Configure the following properties for your clients.
These properties are added to producer.properties or
consumer.properties file that the client uses.
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-256
- Pass the location of your JAAS configuration file as a JVM parameter through a
command line interface.
This sets the JAAS configuration on the Java process
level.
export KAFKA_OPTS="-Djava.security.auth.login.config=[PATH_TO_JAAS.CONF]"