SASL Authentication in Confluent Platform

SASL (Simple Authentication Security Layer) is a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity-checking, and encryption.

SASL/OAUTHBEARER for authentication

SASL/OAUTHBEARER explains how to use SASL/OAUTHBEARER for authentication in Confluent Platform clusters. SASL/OAUTHBEARER enables the use the OAuth 2 Authorization framework in a SASL context to create and validate JSON web tokens for authentication.

GSSAPI (Kerberos) for authentication

SASL/GSSAPI (Kerberos) explains how to use SASL/GSSAPI for authentication to your Confluent Platform clusters using your Kerberos or Active Directory server.

SASL/PLAIN for authentication

SASL/PLAIN explains how to use SASL/PLAIN for authentication in Confluent Platform clusters. SASL/PLAIN uses a simple username and password for authentication.

SASL/PLAIN (using LDAP) for authentication

LDAP explains how to use LDAP for client authentication across your Confluent Platform clusters that use SASL/PLAIN.

SASL/SCRAM for authentication

SASL/SCRAM explains how to use SASL/SCRAM for authentication in Confluent Platform clusters. SASL/SCRAM uses usernames and passwords that are stored and managed within the Kafka metadata quorum in KRaft mode. Credentials are created during installation using Kafka administrative tools that interact directly with the brokers.

Delegation Tokens (SASL/SSL) for authentication

Delegation Tokens (SASL/SSL) explains how to use delegation tokens for authentication in Confluent Platform clusters. Delegation tokens use a lightweight authentication mechanism that you can use to complement existing SASL/SSL methods. Delegation tokens are shared secrets between Kafka brokers and clients.