Important
You are viewing documentation for an older version of Confluent Platform. For the latest, click here.
Confluent Control Center UI Authentication¶
User login is available via HTTP Basic Authentication that is pluggable via JAAS. All options are documented here.
$ cat <<EOF > /tmp/confluent/login.properties
admin: admin_pw,Administrators
disallowed: no_access
EOF
$ cat <<EOF > /tmp/confluent/propertyfile.jaas
c3 {
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
file="/tmp/confluent/login.properties";
};
EOF
$ cat <<EOF >> /path/to/control-center.properties
confluent.controlcenter.rest.authentication.method=BASIC
confluent.controlcenter.rest.authentication.realm=c3
confluent.controlcenter.rest.authentication.roles=Administrators,Restricted
confluent.controlcenter.auth.restricted.roles=Restricted
EOF
Now start Control Center to use the JAAS configuration like below:
$ CONTROL_CENTER_OPTS="-Djava.security.auth.login.config=/tmp/confluent/propertyfile.jaas" control-center-start /path/to/control-center.properties
Now when you access the UI you should be prompted for a username/password. Using admin:admin_pw to login will allow you in, and disallowd:no_access will be blocked. Any JAAS LoginModule should work.
UI HTTPS¶
HTTPS is supported for web access to Confluent Control Center. For more details, check the configuration options.
Authorization with Kafka ACLS¶
Standard Kafka authentication, authorization, and encryption options are available for control center and interceptors. We have provided a script for creating the ACLs necessary for Confluent Control Center to operate on an authorized cluster. This script needs to be run before you start Confluent Control Center:
$ export CONTROL_CENTER_OPTS="-Djava.security.auth.login.config=/path/to/kafka_jaas.conf"
$ bin/control-center-set-acls config/control-center.properties
You will also need to export a Confluent Control Center JAAS config before starting Confluent Control Center.
$ export CONTROL_CENTER_OPTS='-Djava.security.auth.login.config=/path/to/c3_jaas.conf'
$ bin/control-center-start config/control-center.properties