Control Center UI Authentication

User login is available using HTTP Basic Authentication that is pluggable using JAAS. All of the configuration options are documented here.

To configure Control Center authentication:

  1. Specify the following options in,Restricted


    If you do not specify, then you could see an average of 10-20 authentication calls to LDAP per second, which is not optimal for most configurations. Refer to UI Authentication Settings for details.

  2. Create a JAAS file (propertyfile.jaas) similar to the following–note that the authentication realm is Control Center (c3):

    c3 {
        org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required

    Your password file in should look similar to the following:

    bob: <bob_password>,Administrators
    alice: <alice_password>,Restricted
  3. Start Control Center to use the JAAS configuration:

    CONTROL_CENTER_OPTS="" control-center-start /

After you are granted access to Control Center, you are prompted for sign-in credentials. Logging in as bob:<bob_password> provides read and write access. Logging in as alice:<alice_password> provides read-only access.

See also

For an example that shows this in action, see the Confluent Platform demo. Refer to the demo’s docker-compose.yml for a configuration reference.


HTTPS is supported for web access to Confluent Control Center. To enable HTTPS, you must first add an HTTPS listener in the Control Center properties file using the parameter. You must also set the appropriate SSL configuration options. If you haven’t already, this would be a good time to create SSL keys and certificates.

An example of the necessary additions to are shown below:
   curl -vvv -X GET --tlsv1.2 https://localhost:9022
#for cases when using a self-signed certificate
   curl -vvv -X GET --tlsv1.2 --cacert scripts/security/snakeoil-ca-1.crt https://localhost:9022