[rabbitmq-discuss] RabbitMQ Federation & SSL

Eric Cozzi n16483 at cray.com
Fri May 31 15:29:59 BST 2013

Thanks. I had looked at and read that page. But, I obviously need to 
meditate on it some more.


On 05/30/2013 11:00 AM, Matthias Radestock wrote:
> Eric,
> On 30/05/13 15:35, Eric Cozzi wrote:
>> Thanks. Setting the local-username to a valid username fixed the
>> problem. But, I'm still confused.
> Take a look at the diagram and explanation at 
> http://www.rabbitmq.com/federation.html#details
>> I have RabbitMQ configured to use the auth_mechanism_ssl plugin. So, why
>> do I have to set the local-username at all? I expected that by setting
>> the client ssl-keys in the federation URI, federation would pull the
>> username out of the SSL key and use that to authenticate. This works for
>> normal clients connecting via SSL. Why doesn't this work for federation
>> clients?
> The URIs you specify in the federation config tell a downstream 
> (right-hand side of the diagram) how to establish an AMQP connection 
> to an upstream (left-hand side of the diagram), thus establishing an 
> upstream link (as labelled in the diagram) across which messages that 
> have been published on the upstream are pulled to the downstream.
> The ssl config in the broker configuration of the upstream, and the 
> ssl settings in the URIs of the federation config of the downstream, 
> control authentication and authorisation for that link.
> But there is more....
> Any messages pulled down over the upstream link are re-published 
> locally, via a local/internal connection - indicated by the fat arrow 
> on the right-hand side that loops back onto the exchange. That local 
> connection requires a username for authorisation. It is that username 
> which you set in the federation config with local-username.
> Note that this user only requires authorisation, not authentication 
> (hence no password, ssl credentials, etc).
> Regards,
> Matthias.

More information about the rabbitmq-discuss mailing list