Skip to content

Latest commit

 

History

History
23 lines (16 loc) · 890 Bytes

README.md

File metadata and controls

23 lines (16 loc) · 890 Bytes

k3a-spiffe-principal-builder

A KafkaPrincipalBuilder that will extract a SPIFFE ID from the Subject Alternative Names (SAN) of an X.509 certificate. Looks for SANs of type URI starting with spiffe://, and returns the first one found. If no match is found, falls back to traditional certificate parsing.

Usage

The .jar-file of this project must be made available on the Kafka Broker classpath, typically in /usr/share/java/kafka/.

Then the broker must be instructed to use this class to build principals by adding the following to the configuration file:

principal.builder.class=io.statnett.k3a.authz.spiffe.SpiffePrincipalBuilder

References

There is a KIP-880 requesting this kind of functionality.