Setting Up Authentication for Pulsar

You can set up authentication and SSL to improve security between TIBCO BusinessEvents and Pulsar broker. You must configure Pulsar broker and Pulsar client (TIBCO BusinessEvents) for authentication.

    Procedure

  1. Configure the Pulsar broker for a security protocol that you require for authentication.

    For more details about the steps involved for configuring a Pulsar broker for a security protocol, refer to the Pulsar documentation.

  2. In BusinessEvents studio, configure the Pulsar channel fields for security:
Security Protocol Procedure
mTLS

  1. Start Pulsar broker with mTLS Authentication mode. To create the server and client certificate and to start the Pulsar broker, see Pulsar documentation.

  2. Select mTLS from the Security Protocol drop-down.

  3. Click Configure.

  4. Specify the configuration fields. For more information, see Pulsar Channel Configuration Properties.
JWT

  1. Generate the JWT authentication token by using the following commands:

    > bin/pulsar tokens create-secret-key --output my-secret.key
> bin/pulsar tokens create --secret-key file:///path/to/my-secret.key --subject test-user

  2. Start Pulsar broker with JWT Authentication type. For more information, see Pulsar documentation.

  3. In BusinessEvents Studio, select JWT from the Security Protocol drop-down.

  4. Click Configure.

  5. Specify the generated token in the Authentication Token field.
OAuth 2

  1. Start the Pulsar broker using OAuth 2 Authentication mode. For more information, see Pulsar documentation.

  2. In BusinessEvents Studio, from the Security Protocol drop-down, select OAuth 2.

  3. Click Configure.

  4. Specify the JSON configuration file path that includes type, client_id, client_secret, client_email, issuer_url parameter details.

  5. Specify Issuer and Audience URL.
HTTP Basic

  1. Start Pulsar broker with HTTP_BASIC Authentication. See Pulsar documentation.

  2. In BusinessEvents Studio, select HTTP_BASIC from the Security Protocol drop-down.

  3. Click Configure.

  4. Create Identity Resource for username and password fields. Specify the Identity Resource path when HTTP_BASIC configuration dialog box opens.