Skip to content

Doc for complexe oauth 2 configuration#28

Open
Shawcs wants to merge 2 commits intokafbat:mainfrom
Shawcs:complexe-oauth2-config
Open

Doc for complexe oauth 2 configuration#28
Shawcs wants to merge 2 commits intokafbat:mainfrom
Shawcs:complexe-oauth2-config

Conversation

@Shawcs
Copy link

@Shawcs Shawcs commented Dec 13, 2024

added a readme part to configure the kafka ui with an SASL_SSL oauthbearer client configuration

@Shawcs
Create complex_ouauth_conf.md
92590d0 
added a readme part to configure the kafka ui with an SASL_SSL oauthbearer configuration
@Haarolean Haarolean self-requested a review December 16, 2024 15:51
Haarolean
Haarolean requested changes Mar 3, 2025
View reviewed changes
configuration/helm-charts/complex_ouauth_conf.md Outdated

# Goals

This configuration provide complexe configuration to do SASL_SSL with Oauthbearer configuration between the UI Kafka Client and a Kafka Cluster with jwt and scope validation.
Copy link
Member

@Haarolean Haarolean Mar 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, could you please proofread and fix english here? You can use free tools like Grammarly or chatgpt to automate this.

configuration/helm-charts/complex_ouauth_conf.md
- name: KAFKA_CLUSTERS_0_PROPERTIES_ENDPOINT_IDENTIFICATION_ALGORITHM
value: ""
- name: JAVA_OPTS
value: -Djavax.net.ssl.trustStore=/var/run/secrets/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
Copy link
Member

@Haarolean Haarolean Mar 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's the point of a truststore here if SSL for kafka is disabled? (KAFKA_CLUSTERS_0_PROPERTIES_ENDPOINT_IDENTIFICATION_ALGORITHM is empty)

Copy link
Author

@Shawcs Shawcs Mar 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's a mistake will remove this endpoint algorithm to use the default https

configuration/helm-charts/complex_ouauth_conf.md
- name: JAVA_OPTS
value: -Djavax.net.ssl.trustStore=/var/run/secrets/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
- name: KAFKA_CLUSTERS_0_SCHEMAREGISTRY
value: https://broker-apicurio-schema-registry-service:8443/apis/ccompat/v7
Copy link
Member

@Haarolean Haarolean Mar 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please note in the guide header that this guide is for apicurio, these are quite specific details of this setup, but still the overall guide might be useful for others, it's just that it would be nice to know what one's dealing with before going deep into the details

configuration/helm-charts/complex_ouauth_conf.md
value: OAUTHBEARER
- name: KAFKA_CLUSTERS_0_PROPERTIES_SASL_LOGIN_CALLBACK_HANDLER_CLASS
value: io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
- name: OAUTH_CLIENT_ID
Copy link
Member

@Haarolean Haarolean Mar 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what are these properties for? k-ui doesn't have properties like that. It's auth.oauth2.client.<name>.clientId in our app

Copy link
Author

@Shawcs Shawcs Mar 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is also due to the specific Redhat Kafka distribution (strimzi). I will mention it in the header

@Haarolean Haarolean self-requested a review March 13, 2025 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Haarolean Haarolean Awaiting requested review from Haarolean

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Shawcs @Haarolean