Client Authentication / Authorization

To send messages to and receive messages from Solace PubSub+, a customer application or device must establish a TCP client connection to a specific Message VPN on a Solace PubSub+ message broker. These client connections are created and deleted dynamically as they connect to and disconnect from a message broker.

Client applications using Solace messaging Application Programming Interfaces (APIs) create sessions to establish client connections to Message VPNs. Client applications can also use the standard client connection approaches offered through other technologies supported by Solace. These technologies include Open Middleware Agnostic Messaging API (OpenMAMA), Representational State Transfer (REST) messaging service, and Message Queuing Telemetry Transport (MQTT) protocol.

  • Client Authentication—For an application to connect to a Message VPN as a client, the message broker must authenticate that client.
  • Client Authorization—A successfully authenticated client then goes through an authorization process to give it access to specific message broker resources and messaging capabilities on that Message VPN.

    Clients that are established on a Message VPN are uniquely identified by a client name. The messaging API or message broker may automatically generate this client name based on the username used, or, optionally, a client application may explicitly provide a client name that is a valid non‑wildcard topic up to a maximum length of 160 characters.

Note:  In addition to messaging applications, management applications that use SEMP Request Over Message Bus service may establish client connections to Solace PubSub+ message brokers, perform monitoring and management operations. For more information, refer to Legacy SEMP.