Set up broker authentication plugin

I need to restrict the MQTT publish (to port 1883) mechanism to certain users. I came across a plugin emqx_auth_username and was unable to install/load it to my EMQX in docker.

  • Is this plugin the right one?
  • Can anyone please share some documents or any related details for the installation purpose?

Thanks in advance.

EMQX version: 5.0.15

The plugin emqx_auth_username is provided for EMQX whose version is lower than 5.0.

In EMQX 5.0, authentication and authorization are more deeply integrated. You can see more information about AuthN and AuthZ in this doc: Authentication | EMQX 5.0 Documentation

How to add emqx-auth plugin in emqx broker 5.1.3 and how to configure this plugin file please revert back soon

How to configure emqx-auth plugin on emqx broker 5.1.3

Hi, @vss10101

EMQX 5.x has merged the previous authentication plugins into one authentication feature, which you can configure directly on the Dashboard, you can refer to here. If you need to use your own developed authentication plugin, you can refer to the latest plugin documentation.

Hi Maverick,
I have added EMQX auth plugin through dashboard but issues i am not getting plugin config file to customaize the plugin (emqx_auth_http.conf not generated)

Hello team,
I tried to setup authentication using HTTP server but i am getting disconnected error please refer attached screenshot

@vss10101 This usually indicates a network problem. Can you use the command curl on the server where EMQX is located to request this HTTP endpoint normally?

If the request fails, you can check the firewall, security group and other configurations; otherwise, you can check whether there is any error message output in the EMQX log.

Hello maverick,
We have upgraded EMQX broker from 4.3.5 to 5.1.3, So in previous EMQX version emqx-auth-http plugin was installed and this plugin was having it’s own configuration file. but when i installed emqx-auth-http plugin in 5.1.3 version through EMQX dashboard then i am not getting plugin configration file to configure emqx-auth-http plugin can you help me out how to get congif or how to configure auth plugine in EMQX version 5.1.3.

@vss10101 Hi. If you just want to use the HTTP authentication, you can configure it directly on the Dashboard, just like you did.

If you want to still configure HTTP authentication through a configuration file, you can add the corresponding configuration directly to the etc/emqx.conf. You can refer to the configuration example at the end of this document.

But we are still completing the configuration manual, so it may not be so user-friendly yet. It is recommended that you configure it through Dashboard.

Hello Maverick,
I have initated authentication using HTTP server to EMQX broker and connection between EMQX broker and HTTP server is successful and i am getting authentication status code 200 as well but still i am getting error not authorized
please check below logs and provide me solution please.

[AUTHN] BACKEND-DEV-CVS_CLZ_COM-PUBLISHER-v1.0.8-cvs-kafka-stream-d79d695d-lphtr@ msg: http_response, provider: emqx_authn_http, request: [base_url:, headers: [{<<“accept”>>,<<“application/json”>>},{<<“cache-control”>>,<<“no-cache”>>},{<<“connection”>>,<<“keep-alive”>>},{<<“content-type”>>,<<“application/json”>>},{<<“keep-alive”>>,<<“timeout=30, max=1000”>>}], method: post, mody: {“username":"”,“password”:“[password]”,“clientid”:“BACKEND-DEV-CVS_CLZ_COM-PUBLISHER-v1.0.8-cvs-kafka-stream-d79d695d-lphtr”}, path_query: /mqtt/auth], resource: emqx_authn_http:89, response: [headers: [{<<“content-length”>>,<<“0”>>},{<<“date”>>,<<“Fri, 22 Sep 2023 03:54:09 GMT”>>},{<<“keep-alive”>>,<<“timeout=60”>>},{<<“connection”>>,<<“keep-alive”>>}], status: 200]

2023-09-22T03:54:09+00:00 [AUTHN] BACKEND-DEV-CVS_CLZ_COM-PUBLISHER-v1.0.8-cvs-kafka-stream-d79d695d-lphtr@ msg: authenticator_result, authenticator: password_based:http, result: ignore

2023-09-22T03:54:09+00:00 [AUTHN] BACKEND-DEV-CVS_CLZ_COM-PUBLISHER-v1.0.8-cvs-kafka-stream-d79d695d-lphtr@ msg: authentication_result, reason: chain_result, result: {ok,{error,not_authorized}}

Hello Maverick,
Can you please help me out to above mentioned issue we are facing.
Is there is something i am missing.

Hello team,
I have done authentication setup using HTTP server on EMQX broker 5.0.21.
I am getting 200 response code but still getting not authorized exception while connecting clients.please refer below screen shots and help me out.

Hello Maverick,
I have done authentication setup using HTTP server from EMQX dashboard and i am getting response code as 200 on HTTP serivce as well but still i am getting client is not authorized and i can see no match in EMQX dashboard