copyright

lastupdated

years
2015, 2017

2017-10-17

{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:codeblock: .codeblock} {:pre: .pre}

How to connect and authenticate

{: #kafka_connect}

To connect to {{site.data.keyword.messagehub}}, the Kafka API uses the kafka_brokers_sasl credentials, and the user and password from the VCAP_SERVICES environment variable.

Using the sasl.jaas.config property (connecting and authenticating in a Java application)

{: #kafka_java notoc} If you're using a Kafka client at 0.10.2.1 or later, you can use the sasl.jaas.config property for client configuration instead of a JAAS file. To connect to {{site.data.keyword.messagehub}}, set sasl.jaas.config as follows:

    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="USERNAME" \
    password="PASSWORD";

{:codeblock}

where USERNAME and PASSWORD are the values from your {{site.data.keyword.messagehub}} Service Credentials tab in {{site.data.keyword.Bluemix_notm}}.

If you use sasl.jaas.config, clients running in the same JVM can use different credentials. For more information, see Configuring Kafka clients External link icon {:new_window}

For an earlier Kafka client, you must use a JAAS configuration file to specify the credentials. This mechanism is less convenient therefore we recommend using the sasl.jaas.config property instead.

Connecting and authenticating in an application other than Java

{: #kafka_notjava notoc}

The {{site.data.keyword.messagehub}} service currently authenticates clients by using SASL PLAIN over TLS. Credentials are carried over an encrypted connection. This is a new feature added in Kafka 0.10.0.X. The following example is a sample configuration file named consumer.properties:

key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
value.deserializer=org.apache.kafka.common.serialization.StringDeserializer
#
client.id=kafka-java-console-sample-consumer
group.id=kafka-java-console-sample-group
#
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="USERNAME" password="PASSWORD";
ssl.protocol=TLSv1.2
ssl.enabled.protocols=TLSv1.2
ssl.endpoint.identification.algorithm=HTTPS
#
# please read the Kafka docs about this setting
auto.offset.reset=latest

{: codeblock}

Any client that supports Kafka 0.10 with SASL PLAIN should work with {{site.data.keyword.messagehub}}. Example clients are as follows:

librdkafka {:new_window}
confluent-kafka-python {:new_window}

If you are using the earlier Kafka 0.9.0.0 client, you need to use a custom login module, which you can download from {{site.data.keyword.messagehub}} login module External link icon {:new_window}.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

messagehub063.md

messagehub063.md

How to connect and authenticate

Using the sasl.jaas.config property (connecting and authenticating in a Java application)

Connecting and authenticating in an application other than Java

Files

messagehub063.md

Latest commit

History

messagehub063.md

File metadata and controls

How to connect and authenticate

Using the sasl.jaas.config property (connecting and authenticating in a Java application)

Connecting and authenticating in an application other than Java