2.2. HTTP 请求的 OAuth 2.0 配置

现在，您可以使用配置来控制对 OAuth 2.0 授权服务器的 HTTP 请求。

如果您要为使用 OAuth 2.0 身份验证或授权的 Kafka 代理创建监听程序，您可以在监听器配置中添加以下属性：

httpRetries，以控制将失败的 HTTP 请求重试到授权服务器的次数上限。
httpRetryPauseMs 控制在尝试对授权服务器进行另一个重试失败 HTTP 请求前等待的时间（毫秒）。

侦听器配置示例

sasl.enabled.mechanisms=OAUTHBEARER
listeners=CLIENT://0.0.0.0:9092
listener.security.protocol.map=CLIENT:SASL_PLAINTEXT
listener.name.client.sasl.enabled.mechanisms=OAUTHBEARER
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
inter.broker.listener.name=CLIENT
listener.name.client.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;
listener.name.client.oauthbearer.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
  # ...
  oauth.token.endpoint.uri="https://AUTH-SERVER-ADDRESS/auth/realms/REALM-NAME/protocol/openid-connect/token" \
  oauth.custom.claim.check="@.custom == 'custom-value'" \
  oauth.scope="SCOPE" \
  oauth.check.audience="true" \
  oauth.audience="AUDIENCE" \
  oauth.valid.issuer.uri="https://https://AUTH-SERVER-ADDRESS/auth/REALM-NAME" \
  oauth.client.id="kafka-broker" \
  oauth.client.secret="kafka-broker-secret" \
  oauth.connect.timeout.seconds=60 \
  oauth.read.timeout.seconds=60 \
  oauth.http.retries=2 \
  oauth.http.retry.pause.millis=300 \
  oauth.groups.claim="$.groups" \
  oauth.groups.claim.delimiter="," ;

sasl.enabled.mechanisms=OAUTHBEARER
listeners=CLIENT://0.0.0.0:9092
listener.security.protocol.map=CLIENT:SASL_PLAINTEXT
listener.name.client.sasl.enabled.mechanisms=OAUTHBEARER
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
inter.broker.listener.name=CLIENT
listener.name.client.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;
listener.name.client.oauthbearer.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
  # ...
  oauth.token.endpoint.uri="https://AUTH-SERVER-ADDRESS/auth/realms/REALM-NAME/protocol/openid-connect/token" \
  oauth.custom.claim.check="@.custom == 'custom-value'" \
  oauth.scope="SCOPE" \
  oauth.check.audience="true" \
  oauth.audience="AUDIENCE" \
  oauth.valid.issuer.uri="https://https://AUTH-SERVER-ADDRESS/auth/REALM-NAME" \
  oauth.client.id="kafka-broker" \
  oauth.client.secret="kafka-broker-secret" \
  oauth.connect.timeout.seconds=60 \
  oauth.read.timeout.seconds=60 \
  oauth.http.retries=2 \
  oauth.http.retry.pause.millis=300 \
  oauth.groups.claim="$.groups" \
  oauth.groups.claim.delimiter="," ;

Copy to Clipboard

Toggle word wrap

请参见以下信息：

2.2. HTTP 请求的 OAuth 2.0 配置

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links