ActiveMQ and Client identity through certificate authentication

3
votes

Is there a way to determine the identity of a Message sender in ActiveMQ (JMS in general) that successfully connected to a broker via SSL using a client certificate?

I am planning on using JMs for communications between a remote terminal and a perimeter server within my network simply because of the extensive work that's been done internally to support JMS in the internal network. The terminal application uses a client certificate to authenticate to the ActiveMQ JMS broker, nevertheless, i'm trying to find out if there's a way to determine the certificate used by the remote terminal to connect to JMS at the perimeter server in order to pass that information to the authentication service.

Any thoughts or ideas are greatly appreciated..

1
securitycertificatejmsactivemq

1 Answers

2
votes

I figured I asked this question about a year ago and since then I have manged to successfully capture the SSL connection's user.

The answer is quite simple, add populateJMSXUserID="true" to the broker definition.

If you need help configuring SSL client authentication, I have found Fuse Source to have by far some of the most well rounded and detailed documentation on ActiveMQ (Fuse Message Broker). You can find more details about JAAS Certificate Authentication Plug-In here.