This repository contains the Java source code implementation of an Apache Kafka plugin that performs client authentication against an external source such an an LDAP server. When configured to use this plugin, the Kafka broker will perform user authentication against the external source using the username and password provided by the Kafka client.
- Java JDK 15 or higher
The Kafka Authentication plugin build produces a Java jar file which must be added to the Kafka broker classpath. To produce the jar file using a local build command:
./gradlew clean build jar -x test
The result is the build/libs/kafka-authentication-plugin-<version>.jar which contains
all the class files which implement the SASL callback handler. This jar file
must be added to the classpath of the Kafka broker prior to starting the server.
You can do this by either copying the jar file into the $KAFKA_HOME/libs
directory or by setting the classpath environment variable:
export CLASSPATH="/path/to/jar/kafka-authentication-plugin-<version>.jar"
We welcome your contributions! Please read CONTRIBUTING.md for details on how to submit contributions to this project.
This project is licensed under the Apache 2.0 License.
- KIP-86: Configurable SASL callback handlers
- Confluent Apache Kafka Security course
There are several open source alternatives to this library: