Disabling Basic Authentication for SEMP and Broker Manager
Basic authentication uses usernames and passwords to access your event broker's management interfaces. For high-security environments, you may need to disable this password-based authentication and use OAuth instead.
This setting, which is available only in version 10.25.18 and later, affects two key management interfaces:
- SEMP
- Broker Manager
CLI access via SSH is unaffected and continues to function with basic authentication for emergencies.
Before disabling basic authentication, you must configure and enable OAuth authentication. Without a working authentication method, you'll lose access to Broker Manager. For setup instructions, see Configuring OAuth Authentication.
When you disable basic authentication, all SEMPv1 and SEMPv2 requests using username and password credentials fail to authenticate unless they are sent over the message bus. Applications and tools that use SEMP, including Broker Manager, SolAdmin, Terraform providers, monitoring integrations, and custom scripts, must be configured to use OAuth authentication instead. For more information, see OAuth Authentication.
To disable basic authentication for SEMP and Broker Manager, enter the following commands:
solace(configure)# authentication solace(configure/authentication)# basic solace(configure/authentication/basic)# semp solace(configure/authentication/basic/semp)# shutdown
To restore basic authentication, enter the following command:
solace(configure/authentication/basic/semp)# no shutdown
Existing SEMP and Broker Manager sessions remain active when you disable basic authentication. Users currently logged in won't be disconnected, but new logins must use OAuth.