JAAS config for Oauthbearer configuration #2938

Open
Shawcs opened this issue Jan 23, 2024 · 1 comment

Shawcs commented Jan 23, 2024

Hello, when I try to configure the Schema Registry to communicate with an OAuth-secured Kafka cluster, I get
`Login module control flag not specified in JAAS config` when I run `/etc/confluent/docker/launch` inside my Docker image.

My setup is the following:

  • Kafka cluster on premise (not a confluent one)
  • Authentication provider is a Windows ADFS (tested and working with spring/quarkus kafka clients)
  • All running inside docker containers

I'm using a configuration looking like this for the registry inside my schema-registry.properties file:

```
kafkastore.sasl.jaas.config= 'org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required oauth.client.id="registry-client" oauth.client.secret="MY_SECRET" oauth.token.endpoint.uri="https://login.dev.net/adfs/oauth2/token" ;'
kafkastore.security.protocol=SASL_SSL
kafkastore.sasl.mechanism=OAUTHBEARER
```

Any idea what config I could be missing, or if it's a licence problem?

The full error stack trace:

```
[2024-01-23 10:26:54,798] ERROR Server died unexpectedly:  (io.confluent.kafka.schemaregistry.rest.SchemaRegistryMain:55)
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
        at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:694)
        at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:621)
        at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:616)
        at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
        at org.apache.kafka.clients.admin.AdminClient.create(AdminClient.java:39)
        at io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry.kafkaClusterId(KafkaSchemaRegistry.java:1976)
        at io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry.<init>(KafkaSchemaRegistry.java:209)
        at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.initSchemaRegistry(SchemaRegistryRestApplication.java:73)
        at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.configureBaseApplication(SchemaRegistryRestApplication.java:101)
        at io.confluent.rest.Application.configureHandler(Application.java:299)
        at io.confluent.rest.ApplicationServer.doStart(ApplicationServer.java:201)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
        at io.confluent.kafka.schemaregistry.rest.SchemaRegistryMain.main(SchemaRegistryMain.java:44)
Caused by: java.lang.IllegalArgumentException: Login module control flag not specified in JAAS config
        at org.apache.kafka.common.security.JaasConfig.parseAppConfigurationEntry(JaasConfig.java:110)
        at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:63)
        at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:103)
        at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:97)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:271)
        at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:140)
        at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:136)
        at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:662)
        ... 12 more
```

Guttz (Member) commented Feb 7, 2024

Try it without the single quotation marks.

```
kafkastore.sasl.jaas.config= org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required oauth.client.id="registry-client" oauth.client.secret="MY_SECRET" oauth.token.endpoint.uri="https://login.dev.net/adfs/oauth2/token" ;
```
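
Why the quoted value fails, as an added example that is not part of this thread or of the Schema Registry code base: a Java properties file does not strip quotes, so the single quotes reach the JAAS parser as part of the value. The sketch assumes that parser tokenizes with `java.io.StreamTokenizer` defaults, where `'` opens a quoted string; `JaasValueCheck`, `check`, the sample secret and the sample endpoint are hypothetical.

```java
import java.io.IOException;
import java.io.StreamTokenizer;
import java.io.StringReader;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;

public class JaasValueCheck { // hypothetical helper, not part of Kafka or Schema Registry
    static final Set<String> FLAGS = Set.of("required", "requisite", "sufficient", "optional");

    // Returns null when the value looks well formed, otherwise a short problem description.
    // The value itself is never echoed, because it carries the client secret.
    static String check(String jaasValue) throws IOException {
        // Assumption: JDK tokenizer defaults, where both ' and " open a quoted string.
        StreamTokenizer t = new StreamTokenizer(new StringReader(jaasValue));
        t.wordChars('_', '_');
        t.wordChars('$', '$');
        if (t.nextToken() == StreamTokenizer.TT_EOF) return "empty value";
        if (t.ttype == '\'' || t.ttype == '"')
            return "value is wrapped in quotes, so the whole entry is read as one token";
        if (t.ttype != StreamTokenizer.TT_WORD) return "login module class name expected";
        if (t.nextToken() != StreamTokenizer.TT_WORD
                || !FLAGS.contains(t.sval.toLowerCase(Locale.ROOT)))
            return "control flag missing after login module name";
        // Skip the key="value" options and remember the last token: it must be ';'.
        int last = 0;
        while (t.nextToken() != StreamTokenizer.TT_EOF) last = t.ttype;
        return last == ';' ? null : "entry not terminated by ';'";
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample modelled on the two property lines in this thread;
        // the secret and the token endpoint are placeholders.
        String module = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule ";
        String opts = "required oauth.client.id=\"registry-client\" "
                + "oauth.client.secret=\"PLACEHOLDER\" "
                + "oauth.token.endpoint.uri=\"https://idp.example.invalid/token\" ;";
        for (String value : new String[] {"'" + module + opts + "'", module + opts}) {
            Properties p = new Properties();
            // Properties.load keeps quote characters: they are data, not delimiters.
            p.load(new StringReader("kafkastore.sasl.jaas.config= " + value + "\n"));
            String problem = check(p.getProperty("kafkastore.sasl.jaas.config"));
            System.out.println(problem == null ? "OK" : "PROBLEM: " + problem);
        }
    }
}
```

With Java 11 or later this runs as a single file via `java JaasValueCheck.java`; the first (quoted) value is reported as a problem and the second passes.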
