security

Do you have any guide to setup solace/solace-pubsub-standard over SSL?
I am looking for a guide to setup the docker container solace/solace-pubsub-standard with SSL and/or test-containers The guide focuses on the non-authenticated version I tried generating a self-signed certificate and adding it to /usr/sw/jail/certs but I have been unable to connect using SSL. After ClientHello all I see is…
How can I configure SSL with a key password?
According to this guide: I must add my certificates to `/usr/sw/jail/certs` as well as To maintain private key security and to prevent unauthorized users from copying private keys from the event broker, Solace strongly recommends that only password‑protected private keys are used for the server certificate. The guide…
How to enable TLS connection in spring boot?
Hello everyone, I have successfully integrated queue communication in solace with spring boot but I'm facing an issue. I want to make it such that any client without a valid certificate (jks) is not allowed to connect even if the credentials are valid. It seems that the default settings allow anyone with credentials to…
Rootless Containers with Podman Now Supported in PubSub+ 10.1
Podman is a relatively new container runtime but, as the default in Red Hat Enterprise Linux 8 it is quickly gaining in popularity. PubSub+ 10.1 adds full support for Podman including running PubSub+ as a rootless container. For years Docker has been synonymous with containers; some security teams took issue with the fact…
Sending json message using Python to queue using Kerberos authentication.
Does python api supports solace Kerberos authentication?. If so can any one share sample code? If not what are other ways to use Kerberos authentication for sending json message.
.Net integration using .pem certificate
Hello, I'm looking for some help on how to import .pem certificate and use it .Net code. Any help or sample implementation for reference will be appreciated.
OAuth + Microsoft Azure AD
Hello guys, does anyone have experience with how to set up the Solace connection using Microsoft Azure AD? I am aware of OAuth profiles in Solace admin, but not really sure what to input there. Thank you very much, Regards, Stan.
How to change solace client name
Hi all, On the web portal, my connections showing a random generated client name. I would like to ask how can I assign a more meaningful name on the application side? I am using python apis. I am using config like this by following the hello_world_pubsub.py example. Thanks broker_props = {…
How to test TLS connection and server certificate
If you use TLS to secure your connections (and you should use TLS as often as possible), you sometime have issues connecting to your TLS ports. Here, I will describe a way to debug that. Try to connect to a port You're not sure, if your service / port is enabled or (most probably) if all your firewall rules are in place ?…
REST Consumer (RDP) OAuth JWT Authentication
Hi All, I am trying to configure service account authentication from solace REST consumer using OAuth JWT Authentication as specified here: https://docs.solace.com/Configuring-and-Managing/Managing-RDPs.htm#managing_rest_messaging_1948951837_1004979. My HTTP endpoint is Cloud Run service in Google Cloud Platform and needs…
Authentication using only certificate
Hi All, Is it possible to authenticate using only certificate? without clientUsername and clientPassword, i tested below setup but got 401 authentication error. Any help is appreciated, thank you. solace: java: host: tcps://192.168.133.64:55443 msgVpn: default connectRetries: -1 reconnectRetries: -1 apiProperties:…
Will there be support for OAuth2 JWTs signed with EC256?
Hello, we evaluating Solace as a Pub-Sub-Broker for our infrastructure. We want to use our authorization server with the OAuth2 Client Credential Grant for client authentication and scopes for authorisation. The server issued JWTs signed with the EC256 algorithm. I understand that the OAuth provider is only available with…
What username will Bridge use if no username is mentioned?
Hi, I created two bridges on the same appliance for two different VPN's from two different software brokers for two different VPN's, I haven't mentioned client username in both the bridges. And I observed that one of the bridge is using #client-username and the other is using default. There are no configuration changes as…
Request/Reply with dynamic topics after authenticating with Oauth2
Hye guys, I' ve set up a request/reply in using the message gateway. Everything runs fine. Now I want my user first to authenticate on my keycloak server and then make the request/reply just for his user. But there are 2 things not completely clear to me. Do I have to do this with a dynamic queue or topic that includes for…
solace broker WSS connection issue
WSS connection is not getting established for solace. Neither with/out corporate vpn.
SSL/TLS connection rejected by remote host
Below error is triggered and fills the log file event and system log files. Please assist what could be the issue. 2021-08-25T09:46:47.432+00:00 <local3.info> **** SOLACEINFO: SYSTEM: SYSTEM_SSL_CONNECTION_REJECTED: - - SSL Connection rejected: reason (Connection closed by remote host); connection to 127.0.0.1:8091 from…
Secure Connection on LocalHost (C API)
Hi, I am using the solace localhost to connect to my applications. I am able to do a default connection, but the secure connection is giving me an issue. I am running my localhost as: ./farePub tcps://localhost:55443 default admin admin topic ../ssl The error I am getting is: SDK NOTICE Thu Aug 19 18:47:26.741 2021…
Setting up AWS Cognito OAuth for PubSub+
Hello! Has anyone had success setting up AWS Cognito OAuth for PubSub+? I went through How to set up Solace PubSub+ Event Broker with OAuth for MQTT against Keycloak but was unable to translate the instructions to Cognito. Has anyone integrate the two successfully? If so, any pointers or advice on doing so? Thank you!
Deploying own TLS certs on a broker that is deployed on AKS (K8S in azure)
Hi all together, I tried to achieve following: Having custom TLS certificates on our Solace broker that is deployed on an azure Kubernetes services (AKS) cluster. This is due to the requirement that only internal traffic is allowed for internal customers of our solace broker. We have a k8s Loadbalancer that routes all the…
Does Solace Support Server-sent Events
wanted to know if solace supports server sent events for creating a streaming API that pushes text messages from server to clients.
Caused by: javax.naming.NamingException: JNDI lookup failed - 403: Client Username Is Shutdown
Hi Team, While connecting securely Solace from MuleSoft Integration product using AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE with below studio version, Anypoint Studio - Tooling for Mule RuntimeVersion: 7.8.0Build Id: 202101272310 Caused by: org.mule.extensions.jms.api.exception.JmsExtensionException: JNDI lookup failed -…
Unable to authenticate using "KERBEROS AUTHENTICATION SCHEME"
Hi Team, When i am trying to connect to a session using Kerberos Authentication Scheme. It throws Unauthorized Login failure error. can anyone please tell me what must have been missing? Below is the list of Session Properties i am passing to connect to the session. I am using C API. propIndex =0; sessionProps[propIndex++]…
Quarkus native and solace client issue
Hello, I'm developing an application with Quarkus and Solace. Quarkus allows you to compile java to a native application. Compilation is fine, but at runtime I have this issue: 2020-11-13 12:49:18,462 ERROR [io.qua.run.Application] (main) Failed to start application (with profile dev): java.io.FileNotFoundException:…
how to copy certs to solace using cli
As per the doc, it was told to use the sftp command to copy certs from the remote host to /certs folder of solace. But, when am trying the same its throwing error: solace-ac> copy sftp://root@****/tmp/caserver.pem /certs/caserver.pem Invalid command input copy sftp://root@****/tmp/caserver.pem /certs/caserver.pem ^ ->…
Unable to setup SSL based replication between two HA triplets
Hi, I have two HA triplets and I am trying to setup the SSL based native Solace Replication (Async) between them. Attempt 1: I generated server certificate with following instructions: openssl req -x509 -newKey rsa:4096 -keyout certs/solace_server.key -out certs/solace_server.crt -days 365cat certs/solace_server.key…
Can't connect to manager using TLS on port 1943
Hi, I've installed a Solace broker on an EC2 instance for test & training purposes. Works OK, we are able to manage the broker thru 8080, connect from Boomi using 55555 etc etc. Now, the next step is to use TLS for all connections. With Solace Cloud, that's easy. But how to set this up using your own EC2 instance? I had a…
Solace Cloud and basic auth
For one of our projects, we want to connect an ERP platform that can push events using a webhook mechanism. We use a Solace HTTP endpoint for this. The Solace part works fine. Challenge The ERP platform does not allow you to use a secured endpoint. So, we can't config certs or config basic authentication. It can only…
How to copy files to/from a Solace broker
This looks like a frequently asked question - so I try to list all options to transfer files to/from a Solace broker. Why do you need to transfer files ? This list are just some of the frequent use cases. * upload certificates (server cert, CA chains) to the broker * Download configuration backup files from the broker *…
Upload Certificate Authority
Hi everyone :) , I've been searching in the documentation and in the community forums for a while but I did not find the answers I need. I would like to enable TLS both on my PubSub+ Cloud service and on my PubSub+ broker running in a Docker container. What I got so far is that I need to upload a server certificate on my…
Configuring the server certificate on PubSub Broker- Invalid certificate
Hi everyone, I'm having difficulties in configuring the broker's certificate correctly. I want to enable secure web messaging on a Oracle Linux VM that has a public IP. I installed a fresh Oracel Linux VM, installed Solace and everything is working correctly. As I also have a PubSub+ Cloud account, I tested it by sending…

security

This Month's Leaders

This Week's Leaders

security

Discussion List

This Month's Leaders

This Week's Leaders