Authentication in Confluent Platform¶
By default, Confluent Platform is installed without authentication. Confluent Platform supports the following authentication mechanisms and protocols for Confluent Server brokers.
SASL¶
SASL (Simple Authentication Security Layer) is a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity-checking, and encryption. The following topics explain how to configure SASL in Confluent Platform.
Mutual TLS (mTLS)¶
With mTLS (mutual TLS) authentication, both Kafka clients and servers use TLS certificates to verify each other’s identities to ensure that traffic is secure and trusted in both directions. The following topics explain how to configure mTLS in a Confluent Platform cluster.
HTTP Basic Authentication¶
You can use HTTP Basic Authentication
to authenticate with the Admin REST APIs using a username and password pair, which
are presented to the REST Proxy server using the Authorization
HTTP header.
Single Sign-on (SSO) for Confluent Control Center¶
You can use to offload the management of your Control Center users and authenticate to an OIDC-compliant identity provider (Microsoft Entra ID (Azure Active Directory), Okta, Keycloak, and others). By using SSO, you can manage your users in one place and use the same credentials to provide a seamless experience across Confluent Control Center and Confluent Cloud. The following topics explain how to configure OIDC SSO for Confluent Control Center.