Want to integrate strimzi kafka with active directory

[amitpwc]

We are trying integrate strimzi kafka with on-premise actve directory.

[scholzj]

Integrate for what? Authentication? I think you can use OAuth. Have you read the docs about it?

@mstruk I think you dealt with this before in OAuth?

[amitpwc]

@mstruk Thanks for your response.
For Oauth ADFS is required but in our environment there is no ADFS server. Is it possible to integrate strimzi kafka with active directory without ADFS through Oauth the please share the articles.

[scholzj]

I'm not aware of any other option I'm afraid.

[mstruk]

Integration with LDAP / Active Directory over OAuth is always done on the authorization server side. It means that Kafka clients and Kafka brokers are not aware of it at all. It's a matter of configuring user federation on you authorization server to use your LDAP server. One such authorization server that allows you to do that for example is Keycloak. For ADFS on-premise alternatives there are open source solutions like OpenLDAP.

You have to configure your authorization server (e.g. Keycloak) to use your LDAP / AD server as a store of users. Then you configure Strimzi Operator to use your authorization server via oauth authentication. You may also need a custom authorizer, or if you use Keycloak, there is a keycloak authorization type in Strimzi Operator, which makes use of Keycloak Authorization services so you can manage permissions directly in Keycloak Admin UI.

For an example check out this repository: https://github.com/keunlee/amq-streams-broker-authorization-sample

[amitpwc]

@mstruk Thanks a lot