Learn how to configure client authentication using delegation tokens on an application
level.
With this configuration method, you can set up all clients within a JVM to use the same
delegation token for authentication.
- Add a KafkaClient entry with a login module item to your JAAS configuration
file.
The module has to specify the
username,
password and
tokenauth options. The configuration is
similar to the following example:
KafkaClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="tokenID"
password="lAYYSFmLs4bTjf+lTZ1LCHR/ZZFNA=="
tokenauth="true";
}
The
username and
password options specify
the token ID and token HMAC. The
tokenauth option expresses the intent
to use token authentication to the server.
-
Configure the following properties for your
clients.
These properties are added to
producer.properties or
consumer.properties
file that the client
uses.
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-256
- Pass the location of your JAAS configuration file as a JVM parameter through a
command line interface.
This sets the JAAS configuration on the Java process
level.
export KAFKA_OPTS="-Djava.security.auth.login.config=[PATH_TO_JAAS.CONF]"
