Doc for complexe oauth 2 configuration #28

Shawcs · 2024-12-13T20:21:11Z

added a readme part to configure the kafka ui with an SASL_SSL oauthbearer client configuration

added a readme part to configure the kafka ui with an SASL_SSL oauthbearer configuration

Haarolean · 2025-03-03T16:03:39Z

configuration/helm-charts/complex_ouauth_conf.md

+
+# Goals
+
+This configuration provide complexe configuration to do SASL_SSL with Oauthbearer configuration between the UI Kafka Client and a Kafka Cluster with jwt and scope validation.


Hi, could you please proofread and fix english here? You can use free tools like Grammarly or chatgpt to automate this.

configuration/helm-charts/complex_ouauth_conf.md

Haarolean · 2025-03-03T16:04:58Z

configuration/helm-charts/complex_ouauth_conf.md

+            - name: KAFKA_CLUSTERS_0_PROPERTIES_ENDPOINT_IDENTIFICATION_ALGORITHM
+              value: ""
+            - name: JAVA_OPTS
+              value: -Djavax.net.ssl.trustStore=/var/run/secrets/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit


what's the point of a truststore here if SSL for kafka is disabled? (KAFKA_CLUSTERS_0_PROPERTIES_ENDPOINT_IDENTIFICATION_ALGORITHM is empty)

it's a mistake will remove this endpoint algorithm to use the default https

Haarolean · 2025-03-03T16:06:12Z

configuration/helm-charts/complex_ouauth_conf.md

+            - name: JAVA_OPTS
+              value: -Djavax.net.ssl.trustStore=/var/run/secrets/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
+            - name: KAFKA_CLUSTERS_0_SCHEMAREGISTRY
+              value: https://broker-apicurio-schema-registry-service:8443/apis/ccompat/v7


please note in the guide header that this guide is for apicurio, these are quite specific details of this setup, but still the overall guide might be useful for others, it's just that it would be nice to know what one's dealing with before going deep into the details

Haarolean · 2025-03-03T16:07:51Z

configuration/helm-charts/complex_ouauth_conf.md

+              value: OAUTHBEARER
+            - name: KAFKA_CLUSTERS_0_PROPERTIES_SASL_LOGIN_CALLBACK_HANDLER_CLASS
+              value: io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
+            - name: OAUTH_CLIENT_ID


what are these properties for? k-ui doesn't have properties like that. It's auth.oauth2.client.<name>.clientId in our app

this is also due to the specific Redhat Kafka distribution (strimzi). I will mention it in the header

configuration/helm-charts/complex_ouauth_conf.md

Create complex_ouauth_conf.md

92590d0

added a readme part to configure the kafka ui with an SASL_SSL oauthbearer configuration

Haarolean self-requested a review December 16, 2024 15:51

Haarolean requested changes Mar 3, 2025

View reviewed changes

Update complex_ouauth_conf.md

aaacfa6

Haarolean self-requested a review March 13, 2025 20:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Doc for complexe oauth 2 configuration #28

Doc for complexe oauth 2 configuration #28

Shawcs commented Dec 13, 2024

Haarolean Mar 3, 2025

Haarolean Mar 3, 2025

Shawcs Mar 3, 2025

Haarolean Mar 3, 2025

Haarolean Mar 3, 2025

Shawcs Mar 3, 2025


		# Goals

		This configuration provide complexe configuration to do SASL_SSL with Oauthbearer configuration between the UI Kafka Client and a Kafka Cluster with jwt and scope validation.

Doc for complexe oauth 2 configuration #28

Are you sure you want to change the base?

Doc for complexe oauth 2 configuration #28

Conversation

Shawcs commented Dec 13, 2024

Haarolean Mar 3, 2025

Choose a reason for hiding this comment

Haarolean Mar 3, 2025

Choose a reason for hiding this comment

Shawcs Mar 3, 2025

Choose a reason for hiding this comment

Haarolean Mar 3, 2025

Choose a reason for hiding this comment

Haarolean Mar 3, 2025

Choose a reason for hiding this comment

Shawcs Mar 3, 2025

Choose a reason for hiding this comment