Try PubSub+

Message Sender Identity

armarm Member Posts: 3

I have used the JMSXUserId to maintain message sender identity but noticed this feature isn’t available when using certificate authentication. Is there a comparable way to securely identify the message senders identity when using certificate authentication.

Best Answer


  • armarm Member Posts: 3

    The issue with setting the property pragmatically is that it can be spoofed by the producer. The JMSXUserId can only be the username which required authentication that can be controlled.

  • marcmarc Member, Administrator, Moderator, Employee Posts: 114 admin

    I agree with your concern about the potential of spoofing by the producers, but you could potentially lesson this concern by restricting what certificates you trust and/or tightening ACL Profiles to restrict what endpoints a client can publish to.

    As a follow-on to my previous post: our team is looking into potentially allowing the Username source (by default "common name") to be used for the JMSXUserID when using client cert auth, but to be clear, at this point I don't have an answer of if they will do it or when it will be done. If you happen to know of another broker that allows this let me know and I'll pass it along to the team.

Sign In or Register to comment.