Providing SASL authentication

The Simple Authentication and Security Layer (SASL) is, according to the official SASL protocol specification, a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms. SASL specifies the structured interface between protocols and mechanisms. Because SASL is a framework layered on top of other frameworks, we can use it with SMTP, LDAP, XMPP, and other communication protocols. SASL provides the abstraction layer for each of these communication protocols, as shown in the following image:

Figure 8.2: SASL framework

RabbitMQ has a plugin to support SASL authentication mechanisms. There are three mechanisms built into the server:

  • Plain: Provides SASL PLAIN authentication. This is enabled by default in the RabbitMQ server and clients.
  • AMQPlain: This is a nonstandard version of PLAIN that is defined in the AMQP 0-8 specifications.
  • Rabbit-CR-Demo: According to the RabbitMQ documentation, this is a nonstandard mechanism that demonstrates challenge-response authentication.
  • External: A custom mechanism to control authentication externally.
      • SSL: In this case, the external mechanism is SSL, which can authenticate users with a certificate.
      • LDAP: In this case, the external mechanism is LDAP, which can authenticate users using the LDAP database.
      • HTTP: In this case, the external mechanism is HTTP, which can authenticate users from a web server that knows the user credentials.
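
The difference between the Plain and AMQPlain responses in the list above, as an added example (not code from the book or from RabbitMQ): it builds and strictly parses both wire formats, which shows that each carries the password unencrypted and therefore depends on TLS for confidentiality. The function names and the alice/s3cret credentials are constructed for illustration.

```python
import struct

def plain_response(user, password, authzid=""):
    """SASL PLAIN (RFC 4616): authzid NUL authcid NUL passwd, UTF-8 encoded."""
    return b"\0".join(s.encode("utf-8") for s in (authzid, user, password))

def parse_plain(resp):
    """Strict server-side parse: exactly three fields, user and password non-empty."""
    parts = resp.split(b"\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN response")
    return parts[1].decode("utf-8"), parts[2].decode("utf-8")

def amqplain_response(user, password):
    """AMQPLAIN: an AMQP field-table body (no table length prefix) holding
    LOGIN and PASSWORD as long strings (type tag 'S', 4-byte big-endian length)."""
    out = b""
    for key, val in ((b"LOGIN", user), (b"PASSWORD", password)):
        v = val.encode("utf-8")
        out += bytes([len(key)]) + key + b"S" + struct.pack(">I", len(v)) + v
    return out

def parse_amqplain(resp):
    """Strict parse: only long-string fields, no truncation, exactly the two keys."""
    fields, pos = {}, 0
    while pos < len(resp):
        klen = resp[pos]
        key = resp[pos + 1:pos + 1 + klen]
        pos += 1 + klen
        if len(key) != klen or resp[pos:pos + 1] != b"S" or len(resp) < pos + 5:
            raise ValueError("malformed AMQPLAIN response")
        (vlen,) = struct.unpack_from(">I", resp, pos + 1)
        val = resp[pos + 5:pos + 5 + vlen]
        if len(val) != vlen:
            raise ValueError("truncated AMQPLAIN value")
        fields[key] = val.decode("utf-8")
        pos += 5 + vlen
    if set(fields) != {b"LOGIN", b"PASSWORD"}:
        raise ValueError("unexpected AMQPLAIN fields")
    return fields[b"LOGIN"], fields[b"PASSWORD"]

if __name__ == "__main__":
    # Constructed sample credentials; the password is readable in both encodings.
    print(plain_response("alice", "s3cret"))
    print(amqplain_response("alice", "s3cret"))
```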

Before using the SASL plugin in your RabbitMQ server, you should choose the mechanism in the configuration file. The default value of the auth_mechanisms key is ['PLAIN', 'AMQPLAIN']; however, you can change the default values according to your credential system.

Additionally, if you define an authentication mechanism for SASL, the client should connect to the server by setting the SaslConfig properties of the API. In the Java API, you can find the current SASL config with the getSaslConfig function of ConnectionFactory. Moreover, in the C# API, you can set the related mechanism using the ConnectionFactory.AuthMechanisms object.
