Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
titleBL_Config
collapsetrue
<FIXEdge>
    <BusinessLayer>

       <Rule>
            <Source>
                <FixSession SenderCompID="SC" TargetCompID="FE"/>
            </Source>
            <Action>
                <Send><Client Name="Kafka"/></Send>
            </Action>
        </Rule>
       <Rule>
            <Source>
                <Client Name="Kafka"/>
            </Source>
            <Action>
                <Send>
                    <FixSession SenderCompID="FE" TargetCompID="SC"/>
                </Send>
            </Action>
        </Rule>

        <DefaultRule>
            <Action>
                <DoNothing/>
            </Action>
        </DefaultRule>

    </BusinessLayer>
</FIXEdge>

Authentication Configuration

SSL Authentication

To configure SSL Authentication, follow these steps:

  1. Make sure the Kafka broker and adaptor are configured for SSL connection (link to instructions to be provided soon)
  2. Set client authentication as "required" in the server.properties file

    Code Block
    titleExample
    collapsetrue
    listeners=PLAINTEXT://:9092,SSL://:9093
    ssl.keystore.location=D:/SSL/kafka01.keystore.jks
    ssl.keystore.password=123456
    ssl.key.password=123456
    ssl.truststore.location=D:/SSL/kafka.truststore.jks
    ssl.truststore.password=123456
    ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
    ssl.client.auth = required
  3. Provide ssl.key details in the FIXEdge.properties file

    Code Block
    titleExample
    collapsetrue
    TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9093
    TransportLayer.KafkaTA.Kafka.security.protocol = SSL
    TransportLayer.KafkaTA.Kafka.ssl.ca.location = D:/SSL/root.pem
    TransportLayer.KafkaTA.Kafka.ssl.key.location = D:/SSL/kafka01.pem
    TransportLayer.KafkaTA.Kafka.ssl.key.password = 123456

SASL_PLAIN Authentication

To configure SASL_PLAIN authentication:

  1. Use the following files and corresponding settings to install the Kafka broker

    Code Block
    titleserver.properties file
    collapsetrue
    listeners=SASL_PLAINTEXT://:9092
    sasl.enabled.mechanisms=PLAIN
    authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
    allow.everyone.if.no.acl.found=true
    Code Block
    titlekafka_server_jaas.conf file
    collapsetrue
    KafkaServer{
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret"
        user_admin="admin-secret";
    };



  2. Use the following file and corresponding settings in to configure the Kafka TA:

    Code Block
    titleFixEdge.properties file
    collapsetrue
    TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9092
    TransportLayer.KafkaTA.Kafka.security.protocol = SASL_PLAINTEXT
    TransportLayer.KafkaTA.Kafka.sasl.mechanism=PLAIN
    TransportLayer.KafkaTA.Kafka.sasl.username=admin
    TransportLayer.KafkaTA.Kafka.sasl.password=admin-secret

SASL_SSL Authentication

This is a combination of an SSL connection with client authentication and SASL_PLAIN authentication.

To configure SASL_SSL Authentication:

  1. Use the following files and corresponding settings to install the Kafka broker

    Code Block
    titleserver.properties file
    collapsetrue
    listeners=PLAINTEXT://:9092,SASL_SSL://:9093
    ssl.keystore.location=D:/SSL/kafka01.keystore.jks
    ssl.keystore.password=123456
    ssl.key.password=123456
    ssl.truststore.location=D:/SSL/kafka.truststore.jks
    ssl.truststore.password=123456
    ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
    ssl.client.auth = required
    sasl.enabled.mechanisms=PLAIN
    authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
    allow.everyone.if.no.acl.found=true
    Code Block
    titlekafka_server_jaas.conf file
    collapsetrue
    KafkaServer{
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret"
        user_admin="admin-secret";
    };



  2. Use the following file and corresponding settings to configure the Kafka TA:

    Code Block
    titleFixEdge.properties file
    collapsetrue
    TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9093
    TransportLayer.KafkaTA.Kafka.security.protocol = SSL
    TransportLayer.KafkaTA.Kafka.ssl.ca.location = D:/SSL/root.pem
    TransportLayer.KafkaTA.Kafka.ssl.key.location = D:/SSL/kafka01.pem
    TransportLayer.KafkaTA.Kafka.ssl.key.password = 123456
    TransportLayer.KafkaTA.Kafka.sasl.mechanism=PLAIN
    TransportLayer.KafkaTA.Kafka.sasl.username=admin
    TransportLayer.KafkaTA.Kafka.sasl.password=admin-secret

SASL_GSSAPI Authentication

To configure SASL_GSSAPI Authentication:

  1. Use the following files and corresponding settings to install the Kafka broker

    Code Block
    titleserver.properties file
    collapsetrue
    listeners=SASL_GSSAPI://:9092
    sasl.enabled.mechanisms=GSSAPI
    sasl.kerberos.service.name=kafka
    Code Block
    titlekafka_server_jaas.conf file
    collapsetrue
    KafkaServer{
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        keyTab="/etc/security/keytabs/kafka_client.keytab"
        principal="connect@EXAMPLE.COM";
    };


  2. Use the following file and corresponding settings to configure the Kafka TA

    Code Block
    titleFixEdge.properties file
    collapsetrue
    TransportLayer.KafkaTA.Kafka.bootstrap.servers = localhost:9092
    TransportLayer.KafkaTA.Kafka.security.protocol = SASL_GSSAPI
    TransportLayer.KafkaTA.Kafka.sasl.mechanism=GSSAPI
    TransportLayer.KafkaTA.Kafka.sasl.kerberos.service.name=kafka


Logging

Kafka exhaustive logging means that any action with a configuration parameter is logged.

...