Chapter 2. Enhancements


AMQ Streams 2.4 adds a number of enhancements.

2.1. Kafka 3.4.0 enhancements

For an overview of the enhancements introduced with Kafka 3.4.0, refer to the Kafka 3.4.0 Release Notes.

2.2. OAuth 2.0 configuration for HTTP requests

You can now use configuration to control HTTP requests to an OAuth 2.0 authorization server.

If you are creating a listener for your Kafka brokers that uses OAuth 2.0 authentication or authorization, you can add the following properties to the listener configuration:

  • httpRetries to control the maximum number of times to retry a failed HTTP request to the authorization server.
  • httpRetryPauseMs to control the time to wait in milliseconds before attempting another retry of a failed HTTP request to the authorization server.

Example listener configuration

sasl.enabled.mechanisms=OAUTHBEARER
listeners=CLIENT://0.0.0.0:9092
listener.security.protocol.map=CLIENT:SASL_PLAINTEXT
listener.name.client.sasl.enabled.mechanisms=OAUTHBEARER
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
inter.broker.listener.name=CLIENT
listener.name.client.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;
listener.name.client.oauthbearer.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
  # ...
  oauth.token.endpoint.uri="https://AUTH-SERVER-ADDRESS/auth/realms/REALM-NAME/protocol/openid-connect/token" \
  oauth.custom.claim.check="@.custom == 'custom-value'" \
  oauth.scope="SCOPE" \
  oauth.check.audience="true" \
  oauth.audience="AUDIENCE" \
  oauth.valid.issuer.uri="https://AUTH-SERVER-ADDRESS/auth/REALM-NAME" \
  oauth.client.id="kafka-broker" \
  oauth.client.secret="kafka-broker-secret" \
  oauth.connect.timeout.seconds=60 \
  oauth.read.timeout.seconds=60 \
  oauth.http.retries=2 \
  oauth.http.retry.pause.millis=300 \
  oauth.groups.claim="$.groups" \
  oauth.groups.claim.delimiter="," ;
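
An added example, not part of the Red Hat documentation: a Python check that reads the oauth.* HTTP options from a listener's JAAS entry and estimates how long one failing request to the authorization server can block before the broker gives up. The sample input and function names are constructed for illustration, and the estimate assumes every attempt uses the full connect and read timeouts.

```python
import re

# Constructed sample using the oauth.* HTTP options from the listener example.
SAMPLE = r'''
listeners=CLIENT://0.0.0.0:9092
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
  oauth.valid.issuer.uri="https://AUTH-SERVER-ADDRESS/auth/REALM-NAME" \
  oauth.connect.timeout.seconds=60 \
  oauth.read.timeout.seconds=60 \
  oauth.http.retries=2 \
  oauth.http.retry.pause.millis=300 ;
'''
NUMERIC = ("oauth.connect.timeout.seconds", "oauth.read.timeout.seconds",
           "oauth.http.retries", "oauth.http.retry.pause.millis")

def load_properties(text):
    """Join backslash-continued lines; a repeated key overwrites the earlier one."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def jaas_options(props, listener="client"):
    """Return the name=value options of the listener's OAUTHBEARER JAAS entry."""
    jaas = props[f"listener.name.{listener}.oauthbearer.sasl.jaas.config"]
    return {k: v.strip('"') for k, v in re.findall(r'([\w.]+)=("[^"]*"|[^\s;]+)', jaas)}

def lint(opts):
    """Return (worst-case milliseconds one request can block, list of findings)."""
    findings, n = [], {}
    for name in NUMERIC:
        raw = opts.get(name, "")
        n[name] = int(raw) if raw.isdecimal() else 0
        if not raw.isdecimal():
            findings.append(f"{name}: expected a non-negative integer, got {raw!r}")
    connect, read, retries, pause = (n[name] for name in NUMERIC)
    # Assumption: each attempt can use the full connect plus read timeout.
    worst_ms = (1 + retries) * (connect + read) * 1000 + retries * pause
    if opts.get("oauth.valid.issuer.uri", "").count("://") != 1:
        findings.append("oauth.valid.issuer.uri: not a single well-formed URI scheme")
    return worst_ms, findings

if __name__ == "__main__":
    print(lint(jaas_options(load_properties(SAMPLE))))
```

With the values from the example configuration, the estimate is 360600 ms, so a client connection can wait about six minutes on an unreachable authorization server before authentication fails.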

See the following:
