[keycloak-dev] Keycloak on active MQ

Marek Posolda mposolda at redhat.com
Mon Apr 3 03:12:17 EDT 2017


Yes, I think that for that case the second login module 
(BearerTokenLoginModule) is better choice. Your webapp has accessToken 
already, so you just need to send it as "password" to JAAS. Probably 
something like this should work:

connectionFactory.createConnection(username , accessTokenString);


Marek

On 02/04/17 21:20, Shankar_Bhaskaran wrote:
> Hi ,
>
> I was able to secure activemq behind keycloak using the direct access login module, but I specifically have to pass the username and password while getting a connection from active mq. The SSO aspect of keycloak is not fulfilled since I have to pass username , password from the webapplication. The activemq and my application share the same security domain also.
> connection = (ActiveMQConnection) connectionFactory.createConnection(username , password);
> Is there a way to get authenticated in ActiveMQ in the same user session as the web application that is calling the connection
>
> Regards,
> Shankar
>
> -----Original Message-----
> From: Marek Posolda [mailto:mposolda at redhat.com]
> Sent: Wednesday, February 1, 2017 5:21 PM
> To: Shankar_Bhaskaran <Shankar_Bhaskaran at infosys.com>; keycloak-dev at lists.jboss.org; keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-dev] Keycloak on active MQ
>
> I didn't try that yet. However I think it should work as ActiveMQ has some support for JAAS. We have some JAAS login modules, which can be used to secure those kind of services. See docs for details https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/jaas.html
> .
>
> Marek
>
> On 01/02/17 10:26, Shankar_Bhaskaran wrote:
>> Hi ,
>>
>> We are using keycloak as SSO in our organization. I would like to know if securing activemq using keycloak is a valid use case. Does keycloak allow us to validate jms requests to the queue or topic?
>>
>> Regards,
>> Shankar
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>



More information about the keycloak-dev mailing list