confluent-kafka-dotnet: SASL mechanism SCRAM-SHA-256 not working

I am trying to connect to Kafka brokers v0.10.2 running on Linux CentOS 7, where recently security was enabled.

I am using Confluent.Kafka v0.9.5 and my test producer and consumer applications are running on Windows 7 with .NET 4.6.1 framework.

I am trying to use the below configuration for the producer.

var config = new Dictionary<string, object>
            {
                { "bootstrap.servers", brokerList },
                { "client.id", $"MyCorp.Poc.Producer.1" },
                { "sasl.mechanism", "SCRAM-SHA-256" },
                { "security.protocol", "SASL_PLAINTEXT" },
                { "sasl.jaas.config", @"org.apache.kafka.common.security.scram.ScramLoginModule required username=""testuser"" password=""test$1245"";" },
                { "default.topic.config", new Dictionary<string, object>()
                    {
                        { "acks", -1 },
                        { "request.timeout.ms", 5000 },

                    }
                }
            };

I am getting following exception

Unhandled Exception: System.InvalidOperationException: No such configuration property: "sasl.mechanism"
   at Confluent.Kafka.Impl.SafeConfigHandle.Set(String name, String value)
   at Confluent.Kafka.Producer.<>c__DisplayClass22_0.<.ctor>b__2(KeyValuePair`2 kvp)
   at System.Collections.Generic.List`1.ForEach(Action`1 action)
   at Confluent.Kafka.Producer..ctor(IEnumerable`1 config, Boolean manualPoll, Boolean disableDeliveryReports)
   at Confluent.Kafka.Producer`2..ctor(IEnumerable`1 config, ISerializer`1 keySerializer, ISerializer`1 valueSerializer, Boolean manualPoll, Boolean disableDeliveryReports)
   at Confluent.Kafka.Producer`2..ctor(IEnumerable`1 config, ISerializer`1 keySerializer, ISerializer`1 valueSerializer)

Is SASL PLAINTEXT security protocol supported with Confluent.Kafka .net client? If not, are there any other options?

We have clients with both JAVA and ,NET, which security mechanism is going to work for both type of clients?

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 1
  • Comments: 18 (14 by maintainers)

Most upvoted comments

Just closing the loop on this issue. Authentication is now working after upgrading to Confluent.Kafka 0.11.0.

Here is the config I use for Producer

var config = new Dictionary<string, object>()
                {
                    {"bootstrap.servers", "mycorpmessagebroker01:9092,mycorpmessagebroker02:9092,mycorpmessagebroker03:9092"},
                    {"client.id", "Vinod_Test_Client"},
                    //begin security settings
                    {"sasl.mechanisms", "SCRAM-SHA-256"},
                    {"security.protocol", "SASL_PLAINTEXT"},
                    {"sasl.username", "testuser"},
                    {"sasl.password", "testpwd"},
                    {"api.version.request", "true"}
                    //end security settings
                    {
                        "default.topic.config", new Dictionary<string, object>()
                        {
                            {"acks", -1}
                        }
                    }
                };

I opened another issue #285 . After implementing authentication, ran into a CPU issue when I am using more number of consumers per topic.

+1
vinodres on Oct 3, 2017

The configuration property is sasl.mechanisms (plural, even though you can only specify one).

The next librdkafka release will support SASL-SCRAM, but v0.9.5 does not. If you want an early start you can try librdkafka master.

+1
edenhill on May 9, 2017
Read more comments on GitHub
← confluent-kafka-dotnet: regex subscription causes librdkafka to fault
confluent-kafka-dotnet: Slow manual commits →