Configuring Authentication for Micro-Integration Connectivity to Event Broker Services

The Micro-Integrations you create use basic authentication by default when establishing Messaging Connectivity with event broker services. You can choose to configure more advanced authentication options for your Micro-Integrations, including client certificate and OAuth authentication. Configuring more advanced authentication methods forces the Micro-Integration to authenticate using the configured authentication method.

For more information, see the following sections:

Configuring Micro-Integration Authentication

The basic default authentication allows Micro-Integrations to authenticate with the event broker service using the event broker service's management username and password. You can find the management username and password under the Management Access section of the Status tab of an event broker service in Cluster Manager. For more information, see Detailed Service Information.

You can configure Micro-Integrations to use more advanced authentication methods when connecting to an event broker service, including:

Configuring OAuth Authentication

To configure OAuth authentication for a Micro-Integration connecting to an event broker service, perform these steps:

  1. Create a Micro-Integration as outlined in Create a Micro-Integration, and depending on whether you are creating a source or target Micro-Integration either:

  2. You must complete the Client Username, Token URI, Client ID, and Client Secret fields with information provided by your OAuth Identity Provider (IdP). You can provide additional information about the client certificate using the fields in the Advanced Options section.

    Field | Definition
    Token URI | The token endpoint (a URL) where the Micro-Integration exchanges an authorization code for an access token.
    Client ID | The client ID is an alphanumeric string unique to the application you created in your IdP and is provided when you create the OAuth application.
    Client Secret | The client secret is a string used to sign and validate ID tokens for authentication flows and is provided when you create the OAuth application.
    Scopes | (Optional) Enter scopes to limit the resources and actions the Micro-Integration can access on the event broker service.
    Client Name | (Optional) The client name is a label used to identify an application registered with your authorization server.

  3. Complete the rest of the Create a Micro-Integration procedure.

Configuring Client Certificate Authentication

To configure client certificate authentication for a Micro-Integration connecting to an event broker service, perform these steps:

  1. Create a Micro-Integration as outlined in Create a Micro-Integration, and depending on whether you are creating a source or target Micro-Integration either:

  2. You must complete the SSL Key Store field, and you can complete the Client Username field if required. You can provide additional information about the client certificate using the fields in the Advanced Options section.

    Field | Definition
    Client Username

    (Optional) Enter a username. If a username is not provided, the Micro-Integration will get the username from the client certificate.

    This is typically used in conjunction with the client certificate to identify the user. It may be part of the certificate’s subject field or used separately in the application layer for additional authentication.

    SSL Key Store

    Click Upload File and then navigate to and select the SSL Key containing the client certificate.

    This is a secure storage location where the client’s private key and certificate are stored. The key store ensures that the private key is kept secure and can only be accessed by authorized users.

    Key Store Format

    Select the key store format. Solace supports the following key store formats:

    • JKS (Java KeyStore)

    • PKCS12

    For information about creating key store keys, see the OpenSSL documentation.

    Key Store Password

    Enter the key store password.

    This password protects the key store itself. It is required to access the contents of the key store, including the private key and certificate.

    Private Key Alias Name

    Enter the private key alias name used to identify the client certificate in the key store.

    This is an identifier used within the key store to reference the specific private key and certificate pair. It allows the client to select the correct key and certificate when multiple pairs are stored in the key store.

    Private Key Password

    Enter the private key password.

    This password protects the private key within the key store. It is required to decrypt and use the private key for creating digital signatures during the authentication process.

  3. Complete the rest of the Create a Micro-Integration procedure.
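
A pre-upload check for the PKCS12 key store described in the steps above, as an added example that is not part of the Solace documentation: it confirms that the Key Store Password opens the file, lists the alias to enter as the Private Key Alias Name, and reports the certificate subject and remaining validity. The file names, the alias mi-client, the subject, and the password are constructed sample values, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload checks for a PKCS12 client key store.
# File names, alias, subject and password are constructed sample values.

# Build a throwaway store. openssl pkcs12 -export protects the store and
# the key entry with the same export password; -name sets the alias.
make_sample_store() {        # $1=dir  $2=alias  $3=password
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=sample-mi-client" \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null &&
    openssl pkcs12 -export -name "$2" -passout "pass:$3" \
        -inkey "$1/client.key" -in "$1/client.crt" -out "$1/client.p12"
}

# Succeeds only if the password opens the store (its integrity MAC verifies).
store_opens() {              # $1=p12  $2=password
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Prints each alias (PKCS12 friendlyName) found in the store.
store_aliases() {            # $1=p12  $2=password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | sort -u
}

# Prints the client certificate subject, the field a username can come from.
store_subject() {            # $1=p12  $2=password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//'
}

# Succeeds if the client certificate is still valid $3 seconds from now.
store_cert_valid_for() {     # $1=p12  $2=password  $3=seconds
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend "$3" >/dev/null 2>&1
}

# Demo on a constructed store; point the checks at your own file instead.
d=$(mktemp -d)
make_sample_store "$d" mi-client 'Sample-Store-Pw1'
p12="$d/client.p12"
if store_opens "$p12" 'Sample-Store-Pw1'; then
    echo "alias:   $(store_aliases "$p12" 'Sample-Store-Pw1')"
    echo "subject: $(store_subject "$p12" 'Sample-Store-Pw1')"
    store_cert_valid_for "$p12" 'Sample-Store-Pw1' 604800 || echo "expires within 7 days"
fi
rm -rf "$d"
```

On a shared host, pass the password with openssl's file: or env: forms instead of pass: so it does not appear in the process list.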

Viewing Target Micro-Integration Authentication Configuration

You can view the authentication configuration for an existing Micro-Integration. To view the authentication of a Micro-Integration, perform the following steps:

  1. Log in to the PubSub+ Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your authentication scheme. For more information, see Logging In to the PubSub+ Cloud Console.

  2. On the navigation bar, select Micro-Integrations.

  3. On the Micro-Integrations page, click the name of the target Micro-Integration to open the Micro-Integration Details Page.

  4. Click the Source Connection tab.

    The target Micro-Integration authentication information is shown under the Authentication section of the Source Connection tab of the Micro-Integration Details Page.

Editing Target Micro-Integration Authentication Configuration

You can update or change the authentication used by an undeployed Micro-Integration. To edit the authentication information of an undeployed Micro-Integration, see Editing a Micro-Integration.