[rabbitmq-discuss] RabbitMQ Federation & SSL
Eric Cozzi
n16483 at cray.com
Fri May 31 15:29:59 BST 2013
Thanks. I had looked at and read that page. But, I obviously need to
meditate on it some more.
Eric
On 05/30/2013 11:00 AM, Matthias Radestock wrote:
> Eric,
>
> On 30/05/13 15:35, Eric Cozzi wrote:
>> Thanks. Setting the local-username to a valid username fixed the
>> problem. But, I'm still confused.
>
> Take a look at the diagram and explanation at
> http://www.rabbitmq.com/federation.html#details
>
>> I have RabbitMQ configured to use the auth_mechanism_ssl plugin. So, why
>> do I have to set the local-username at all? I expected that by setting
>> the client ssl-keys in the federation URI, federation would pull the
>> username out of the SSL key and use that to authenticate. This works for
>> normal clients connecting via SSL. Why doesn't this work for federation
>> clients?
>
> The URIs you specify in the federation config tell a downstream
> (right-hand side of the diagram) how to establish an AMQP connection
> to an upstream (left-hand side of the diagram), thus establishing an
> upstream link (as labelled in the diagram) across which messages that
> have been published on the upstream are pulled to the downstream.
>
> The ssl config in the broker configuration of the upstream, and the
> ssl settings in the URIs of the federation config of the downstream,
> control authentication and authorisation for that link.
>
> But there is more....
>
> Any messages pulled down over the upstream link are re-published
> locally, via a local/internal connection - indicated by the fat arrow
> on the right-hand side that loops back onto the exchange. That local
> connection requires a username for authorisation. It is that username
> which you set in the federation config with local-username.
>
> Note that this user only requires authorisation, not authentication
> (hence no password, ssl credentials, etc).
>
>
> Regards,
>
> Matthias.
>
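An added example, not part of the original thread and not RabbitMQ project code: a small audit of a downstream's federation settings that keeps the two identities Matthias describes apart, the TLS-authenticated upstream link defined by the URI and the local re-publishing user named by local-username. Assumptions: the query keys (cacertfile, certfile, keyfile, verify, auth_mechanism) follow RabbitMQ's AMQP URI query parameters; the host name, file paths, user names and the audit_federation function are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def audit_federation(upstream_uri, local_username, local_users):
    """Return a list of findings; an empty list means both identities are set up."""
    findings = []
    uri = urlsplit(upstream_uri)
    query = {k: v[0] for k, v in parse_qs(uri.query).items()}

    # 1. Upstream link: authenticated with the TLS settings carried in the URI.
    if uri.scheme != "amqps":
        findings.append("link: URI scheme is not amqps, so the link has no TLS")
    for key in ("cacertfile", "certfile", "keyfile"):
        if key not in query:
            findings.append(f"link: {key} missing from URI query")
    if query.get("verify") != "verify_peer":
        findings.append("link: upstream certificate is not verified")
    if query.get("auth_mechanism") != "external":
        findings.append("link: auth_mechanism is not external, client cert identity unused")

    # 2. Local re-publish: authorised (not authenticated) as local-username,
    #    so the only requirement is that the name maps to an existing local user.
    if not local_username:
        findings.append("local: local-username is not set")
    elif local_username not in local_users:
        findings.append(f"local: local-username {local_username!r} is not a local user")
    return findings

# Constructed sample values (hypothetical host, paths and users).
TLS_URI = ("amqps://upstream.example:5671"
           "?cacertfile=/etc/rabbitmq/ssl/ca.pem"
           "&certfile=/etc/rabbitmq/ssl/client.pem"
           "&keyfile=/etc/rabbitmq/ssl/client.key"
           "&verify=verify_peer&auth_mechanism=external")
PLAIN_URI = "amqp://upstream.example"
LOCAL_USERS = {"federation", "app"}

if __name__ == "__main__":
    cases = [(TLS_URI, "federation"), (TLS_URI, None), (PLAIN_URI, "nosuchuser")]
    for uri, user in cases:
        print(user, audit_federation(uri, user, LOCAL_USERS) or "ok")
```

The second case reproduces the situation in this thread: the link side is fully configured with client certificates, yet the configuration is still incomplete because the local re-publishing user is missing.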