In systems deployed on premises, Pega supports configuring SASL authentication between Pega Platform and the Kafka cluster using a JAAS configuration file. To configure SASL authentication, perform the following steps:
- In the Kafka cluster, configure the Kafka Client credentials in the JAAS configuration file to enable either simple authentication (using a username and password) or Kerberos authentication.
- Pass the location of the JAAS configuration file as a JVM parameter in the Kafka cluster, for example: -Djava.security.auth.login.config=<path_to_JAAS_file>
For more information about configuring the JAAS configuration file, see the Apache Kafka documentation.
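A pre-flight check for the two prerequisites above, as an added example that is not part of the Pega documentation. It assumes a POSIX shell and a SASL/PLAIN KafkaClient section; the function names, sample credentials and sample JVM options are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the JAAS file and JVM parameter.

# check_jaas <file>: prints findings; returns 0 only when there are none.
check_jaas() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    # Kafka clients read the login context named KafkaClient.
    grep -Eq '^[[:space:]]*KafkaClient[[:space:]]*\{' "$f" ||
        { echo "FAIL: no KafkaClient section in $f"; rc=1; }
    # The file holds a password or keytab reference: owner access only.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $f is accessible to group/other ($perms)"; rc=1; }
    return $rc
}

# jaas_path_from_opts "<jvm options>": prints the configured path, or
# returns 1 if the property is absent or written with spaces around '='.
# Assumes the path itself contains no whitespace.
jaas_path_from_opts() {
    for tok in $1; do
        case $tok in
            -Djava.security.auth.login.config=?*)
                echo "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Constructed sample (SASL/PLAIN), written to a temp file to run offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="pega-client"
  password="constructed-sample";
};
EOF
chmod 600 "$sample"
opts="-Xmx2g -Djava.security.auth.login.config=$sample"
if path=$(jaas_path_from_opts "$opts") && check_jaas "$path"; then
    echo "OK: $path"
fi
rm -f "$sample"
```

A failure from either function corresponds to the No JAAS configuration file set message or to a credentials file that other local accounts can read.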
To create your Kafka configuration instance, perform the following steps:
- In the header of Dev Studio, click .
- On the New tab, enter identifying information for this
- In the Short description field, enter a comment on the purpose of this rule.
- In the Kafka field, enter an appropriate name for this Kafka service connection, for example, Kafka-service-1.
- Click Create and open.
- In the Details section, configure a host and port combination to connect to the Kafka cluster:
- In the Host field, enter the address of the Kafka cluster.
- In the Port field, enter the port number.
- Optional: Click Add host to configure additional host and port combinations.
Note: Pega Platform discovers all nodes in the cluster during the first connection. This means that you can enter a single host and port combination to connect to a Kafka cluster. As a best practice, enter at least two host and port combinations to ensure a successful connection when a node is unavailable during a Pega Platform restart.
- Configure an authentication method for this Kafka server connection:
SSL-based authentication:
- In the Security settings section, select the Use SSL configuration check box.
- In the Truststore field, press the Down Arrow key and select a truststore file that contains a Kafka certificate or create a truststore record by clicking the Open icon.
- Select Use client certificate and enter the Pega Platform private key and private key password credentials in the Keystore and Key password fields respectively.
SASL-based authentication:
Note: This option is only supported in on-premises systems.
- In the Authentication section, select Use authentication.
- Select the authentication type:
- To enable authentication using login credentials, select Username and password, and then enter the login credentials.
- To enable authentication using Kerberos, select Kerberos, and then enter the Kerberos authentication key.
Tip: If you see the message No JAAS configuration file set, SASL authentication between Pega Platform and the Kafka cluster is not configured. For configuration steps, see the Before you begin section of this procedure.
- Click Test connectivity to test the connection between Pega Platform and the Kafka cluster.
- If the Kafka cluster is connected, click Save.