schema-registry
JAAS config for Oauthbearer configuration
Hello, when I try to configure the schema registry to communicate with an OAuth-secured Kafka cluster, I got:
Login module control flag not specified in JAAS config
when I run /etc/confluent/docker/launch inside my docker image
My setup is the following:
- Kafka cluster on premise (not a confluent one)
- Authentication provider is a Windows ADFS (tested and working with spring/quarkus kafka clients)
- All running inside docker containers
I'm using a configuration looking like this for the registry inside my schema-registry.properties file:
kafkastore.sasl.jaas.config= 'org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required oauth.client.id="registry-client" oauth.client.secret="MY_SECRET" oauth.token.endpoint.uri="https://login.dev.net/adfs/oauth2/token" ;'
kafkastore.security.protocol=SASL_SSL
kafkastore.sasl.mechanism=OAUTHBEARER
Any idea what config I could be missing, or if it's a licence problem?
the full error stack trace:
[2024-01-23 10:26:54,798] ERROR Server died unexpectedly: (io.confluent.kafka.schemaregistry.rest.SchemaRegistryMain:55)
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:694)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:621)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:616)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at org.apache.kafka.clients.admin.AdminClient.create(AdminClient.java:39)
at io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry.kafkaClusterId(KafkaSchemaRegistry.java:1976)
at io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry.<init>(KafkaSchemaRegistry.java:209)
at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.initSchemaRegistry(SchemaRegistryRestApplication.java:73)
at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.configureBaseApplication(SchemaRegistryRestApplication.java:101)
at io.confluent.rest.Application.configureHandler(Application.java:299)
at io.confluent.rest.ApplicationServer.doStart(ApplicationServer.java:201)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at io.confluent.kafka.schemaregistry.rest.SchemaRegistryMain.main(SchemaRegistryMain.java:44)
Caused by: java.lang.IllegalArgumentException: Login module control flag not specified in JAAS config
at org.apache.kafka.common.security.JaasConfig.parseAppConfigurationEntry(JaasConfig.java:110)
at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:63)
at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:103)
at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:97)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:271)
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:140)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:136)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:662)
... 12 more
Try it without the single quotation marks.
kafkastore.sasl.jaas.config= org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required oauth.client.id="registry-client" oauth.client.secret="MY_SECRET" oauth.token.endpoint.uri="https://login.dev.net/adfs/oauth2/token" ;
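A pre-flight check for the mistake fixed above, as an added example that is not part of the original thread and is not Schema Registry or Kafka code. A Java `.properties` file keeps quote characters as part of the value, so this lints any `*sasl.jaas.config` entry before the container is launched; the function names, the simplified properties reader and the sample strings built from the thread's two lines are assumptions of this example.

```python
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}

# Constructed sample input: the two property lines from this thread.
_MODULE = ('org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required '
           'oauth.client.id="registry-client" oauth.client.secret="MY_SECRET" '
           'oauth.token.endpoint.uri="https://login.dev.net/adfs/oauth2/token" ;')
SAMPLE_BROKEN = "kafkastore.sasl.jaas.config= '" + _MODULE + "'\n"
SAMPLE_FIXED = "kafkastore.sasl.jaas.config= " + _MODULE + "\n"


def read_properties(text):
    """Simplified .properties reader (assumption): key=value lines, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint_jaas_value(value):
    """Return the problems found in one sasl.jaas.config value (empty list = ok)."""
    problems = []
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        problems.append("value is wrapped in quotes; the quotes stay part of the value")
        value = value[1:-1].strip()  # keep checking the text inside the quotes
    tokens = value.split()
    if len(tokens) < 2 or tokens[1].rstrip(";") not in CONTROL_FLAGS:
        problems.append("no control flag after the login module class name")
    if not value.endswith(";"):
        problems.append("entry does not end with ';'")
    return problems


def lint_properties(text):
    """Lint every key ending in sasl.jaas.config, e.g. kafkastore.sasl.jaas.config."""
    return {key: lint_jaas_value(value)
            for key, value in read_properties(text).items()
            if key.endswith("sasl.jaas.config")}


if __name__ == "__main__":
    # Only the findings are printed, never the value, so the client secret stays out of logs.
    for name, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, lint_properties(text))
```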