[keycloak-dev] Keycloak on active MQ

[Shankar_Bhaskaran]

Hi ,

I was able to secure activemq behind keycloak using the direct access login module, but I specifically have to pass the username and password while getting a connection from active mq. The SSO aspect of keycloak is not fulfilled since I have to pass username , password from the webapplication. The activemq and my application share the same security domain also.
connection = (ActiveMQConnection) connectionFactory.createConnection(username , password);
Is there a way to get authenticated in ActiveMQ in the same user session as the web application that is calling the connection

Regards,
Shankar

-----Original Message-----
From: Marek Posolda [mailto:mposolda at redhat.com] 
Sent: Wednesday, February 1, 2017 5:21 PM
To: Shankar_Bhaskaran <Shankar_Bhaskaran at infosys.com>; keycloak-dev at lists.jboss.org; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-dev] Keycloak on active MQ

I didn't try that yet. However I think it should work as ActiveMQ has some support for JAAS. We have some JAAS login modules, which can be used to secure those kind of services. See docs for details https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/jaas.html
.

Marek

On 01/02/17 10:26, Shankar_Bhaskaran wrote:
> Hi ,
>
> We are using keycloak as SSO in our organization. I would like to know if securing activemq using keycloak is a valid use case. Does keycloak allow us to validate jms requests to the queue or topic?
>
> Regards,
> Shankar
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev