...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<FIXEdge>
<BusinessLayer>
<Rule>
<Source>
<FixSession SenderCompID="SC" TargetCompID="FE"/>
</Source>
<Action>
<Send><Client Name="Kafka"/></Send>
</Action>
</Rule>
<Rule>
<Source>
<Client Name="Kafka"/>
</Source>
<Action>
<Send>
<FixSession SenderCompID="FE" TargetCompID="SC"/>
</Send>
</Action>
</Rule>
<DefaultRule>
<Action>
<DoNothing/>
</Action>
</DefaultRule>
</BusinessLayer>
</FIXEdge> |
Authentication Configuration
SSL Authentication
To configure SSL Authentication, follow these steps:
- Make sure the Kafka broker and adaptor are configured for SSL connection (link to instructions to be provided soon)
Set client authentication as "required" in the server.properties file
Code Block title Example collapse true listeners=PLAINTEXT://:9092,SSL://:9093 ssl.keystore.location=D:/SSL/kafka01.keystore.jks ssl.keystore.password=123456 ssl.key.password=123456 ssl.truststore.location=D:/SSL/kafka.truststore.jks ssl.truststore.password=123456 ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1 ssl.client.auth = requiredProvide ssl.key details in the FIXEdge.properties file
Code Block title Example collapse true TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9093 TransportLayer.KafkaTA.Kafka.security.protocol = SSL TransportLayer.KafkaTA.Kafka.ssl.ca.location = D:/SSL/root.pem TransportLayer.KafkaTA.Kafka.ssl.key.location = D:/SSL/kafka01.pem TransportLayer.KafkaTA.Kafka.ssl.key.password = 123456
SASL_PLAIN Authentication
To configure SASL_PLAIN authentication:
Use the following files and corresponding settings to install the Kafka broker
Code Block title server.properties file collapse true listeners=SASL_PLAINTEXT://:9092 sasl.enabled.mechanisms=PLAIN authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer allow.everyone.if.no.acl.found=trueCode Block title kafka_server_jaas.conf file collapse true KafkaServer{ org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret"; };Use the following file and corresponding settings in to configure the Kafka TA:
Code Block title FixEdge.properties file collapse true TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9092 TransportLayer.KafkaTA.Kafka.security.protocol = SASL_PLAINTEXT TransportLayer.KafkaTA.Kafka.sasl.mechanism=PLAIN TransportLayer.KafkaTA.Kafka.sasl.username=admin TransportLayer.KafkaTA.Kafka.sasl.password=admin-secret
SASL_SSL Authentication
This is a combination of an SSL connection with client authentication and SASL_PLAIN authentication.
To configure SASL_SSL Authentication:
Use the following files and corresponding settings to install the Kafka broker
Code Block title server.properties file collapse true listeners=PLAINTEXT://:9092,SASL_SSL://:9093 ssl.keystore.location=D:/SSL/kafka01.keystore.jks ssl.keystore.password=123456 ssl.key.password=123456 ssl.truststore.location=D:/SSL/kafka.truststore.jks ssl.truststore.password=123456 ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1 ssl.client.auth = required sasl.enabled.mechanisms=PLAIN authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer allow.everyone.if.no.acl.found=trueCode Block title kafka_server_jaas.conf file collapse true KafkaServer{ org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret"; };Use the following file and corresponding settings to configure the Kafka TA:
Code Block title FixEdge.properties file collapse true TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9093 TransportLayer.KafkaTA.Kafka.security.protocol = SSL TransportLayer.KafkaTA.Kafka.ssl.ca.location = D:/SSL/root.pem TransportLayer.KafkaTA.Kafka.ssl.key.location = D:/SSL/kafka01.pem TransportLayer.KafkaTA.Kafka.ssl.key.password = 123456 TransportLayer.KafkaTA.Kafka.sasl.mechanism=PLAIN TransportLayer.KafkaTA.Kafka.sasl.username=admin TransportLayer.KafkaTA.Kafka.sasl.password=admin-secret
SASL_GSSAPI Authentication
To configure SASL_GSSAPI Authentication:
Use the following files and corresponding settings to install the Kafka broker
Code Block title server.properties file collapse true listeners=SASL_GSSAPI://:9092 sasl.enabled.mechanisms=GSSAPI sasl.kerberos.service.name=kafkaCode Block title kafka_server_jaas.conf file collapse true KafkaServer{ com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/kafka_client.keytab" principal="connect@EXAMPLE.COM"; };Use the following file and corresponding settings to configure the Kafka TA
Code Block title FixEdge.properties file collapse true TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9092 TransportLayer.KafkaTA.Kafka.security.protocol = SASL_GSSAPI TransportLayer.KafkaTA.Kafka.sasl.mechanism=GSSAPI TransportLayer.KafkaTA.Kafka.sasl.kerberos.service.name=kafka
Logging
Kafka exhaustive logging means that any action with a configuration parameter is logged.
...