Client Authentication/Authorization

To send messages to and receive messages from the Solace Messaging Platform, a customer application or device must establish a TCP client connection to a specific Message VPN on a Solace router. These client connections are created and deleted dynamically as they connect to and disconnect from a router.

Client applications using Solace messaging Application Programming Interfaces (APIs) create sessions to establish client connections to Message VPNs. Client applications can also use the standard client connection approaches offered through other technologies supported by Solace. These technologies include Open Middleware Agnostic Messaging API (OpenMAMA), Representational State Transfer (REST) messaging service, and Message Queuing Telemetry Transport (MQTT) protocol.

Client Authentication

For an application to connect to a Message VPN as a client, the router must authenticate that client.

Client Authorization

A successfully authenticated client then goes through an authorization process to give it access to specific router resources and messaging capabilities on that Message VPN.

Clients that are established on a Message VPN are uniquely identified by a client name. The messaging API or Solace router may automatically generate this client name based on the username used, or, optionally, a client application may explicitly provide a client name that is a valid non‑wildcard topic up to a maximum length of 160 characters.

Note:  In addition to messaging applications, management applications that use SEMP Request Over Message Bus service may establish client connections to Solace routers perform monitoring and management operations. For more information, refer to Using SEMP to Manage and Monitor Routers.