Hi, I'm Ask INFA!
What would you like to know?
ASK INFAPreview
Please to access Ask INFA.
Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Application Integration
  • All Products

Table of Contents

Search

  1. Preface
  2. Introduction to Kafka Connector
  3. Kafka Connections and Processes

Kafka Connector Guide

Kafka Connector Guide

Back Next

Kafka Connection Properties

Kafka Connection Properties

When you select
Kafka
 as the connection type, you can configure Kafka-specific connection properties on the
Properties
 tab of the connection creation page.

Connection Settings

You must specify the Kafka host and Kafka port that you want to connect to. You can also enable SSL authentication and SASL authentication.
The following table defines the Kafka connection properties that you must configure in the
Connection Settings
 section:
Property
Description
Kafka Host
Required. The primary Kafka host that the Secure Agent or the Cloud Server must connect to with a TCP connection.
Kafka Port
Required. The primary Kafka port number that the Secure Agent or the Cloud Server must connect to with a TCP connection.
Additional Kafka Brokers
Comma-separated list of the Kafka brokers that the Secure Agent must connect to with a TCP connection.
Enter the host name or IP address of the system where the Kafka broker is running and a port number without any space in the following format:
<host_name>:<port_number>
 or
<IP_address>:<port_number>
For example,
CAI1A:9090,CAI2A:9091,10.75.167.66:9092,10.75.167.67:9093
  • When you connect to a Kafka broker over SSL, you must specify the fully qualified domain name for the host name. Otherwise, the connection test fails with an SSL handshake error.
  • When you connect to a Kafka broker over SSL and SASL, you must ensure that all the brokers have the same SSL and SASL settings.
  • When you test a connection, you must ensure that a Kafka server is up and running on all the brokers. Otherwise, the connection test fails.
  • You must have a unique host name for each IP address. Otherwise, an error occurs.
Other Attributes
Optional. A list of common Apache Camel configuration properties to connect to the Kafka brokers.
Specify the properties in key-value pairs. Separate multiple properties with an ampersand character (&) without any space.
For example, enter the following phrase to specify the client ID of the application making request and to use batching for processing or streaming: 
clientId=client123&batching=false
If you want to set additional properties for a Kafka consumer or Kafka producer that you can't set directly in the Camel configuration, prefix the properties with
additionalProperties
.
For example,
additionalProperties.transactional.id=12345
For more information about the properties that you can specify, see the Apache Camel documentation.
To configure OAuth authentication for the Kafka client, you must specify the additional properties.
For example,
additionalProperties.sasl.login.callback.handler.class=org.apache.kafka.comm on.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler&additionalPr operties.sasl.oauthbearer.token.endpoint.url=<endpoint url>&additionalProperties.sasl.oauthbearer.sub.claim.name=<claim_name>
Use SSL
Optional. Determines whether SSL authentication must be used.
Default is
No
.
Use SASL
Optional. Determines whether SASL authentication must be used.
To configure Kerberos authentication for the Kafka client, select
Yes
.
Default is
No
.

SSL Settings

You can configure SSL authentication to encrypt and securely transfer data between a Kafka producer, Kafka consumer, and a Kafka cluster. When you configure SSL authentication, a Certificate Authority signs and issues a certificate to the Kafka client. The Kafka broker uses the certificate to verify the identity of the client.
Informatica recommends that if you are connecting to a Kafka broker that is published on the Cloud Server, you must configure SSL authentication.
If you enable SSL authentication, you must configure the following authentication properties in the
SSL Settings
 section:
Property
Description
SSL Truststore Location
The absolute path and file name of the truststore file on the Secure Agent machine that contains the SSL certificate to establish two-way secure communication with the Kafka broker.
For example:
C:/SSL/Certs_208/icrt-truststore.jks
If you choose to run the Kafka connection on the Cloud Server, you must save the truststore file of the JKS (Java KeyStore) format on your local machine. Use the
Choose File
 option to select the truststore file. The maximum allowed file size is 50 KB.
SSL Truststore Password
The password for the truststore file that contains the SSL certificate.
SSL Keystore Location
The absolute path and file name of the keystore file on the Secure Agent machine that contains the keys and certificates required to establish a two-way secure communication with the Kafka broker.
For example:
C:/SSL/Keys/icrt-keystore.jks
If you choose to run the Kafka connection on the Cloud Server, you must save the keystore file of the JKS (Java KeyStore) format on your local machine. Use the
Choose File
 option to select the keystore file. The maximum allowed file size is 50 KB.
SSL Keystore Password
The password for the keystore file required for secure communication.
SSL Key Password
The SSL key password of the client.

SASL Settings

You can configure SASL authentication so that the Kafka broker can authenticate the Kafka producer and the Kafka consumer. Kafka uses the Java Authentication and Authorization Service (JAAS) for SASL authentication. To enable SASL authentication, you must specify the SASL mechanism that the Kafka broker must use for authentication. Based on the SASL mechanism value you specify, you must also provide the formatted JAAS configuration that the Kafka broker must use for authentication.
You can configure Kerberos authentication for a Kafka client by placing the required Kerberos configuration files on the Secure Agent machine and specifying the required JAAS configuration in the Kafka connection. The JAAS configuration defines the keytab and principal details that the Kafka broker must use to authenticate the Kafka client.
The Kerberos server where the Kafka cluster is running and the Process Server must use the same time zone. Otherwise, an error occurs when producing a message.
If you enable SASL authentication, you must configure the following authentication properties in the
SASL Settings
 section:
Property
Description
SASL Mechanism
The SASL mechanism that the Kafka broker must use to authenticate the Kafka producer and the Kafka consumer.
Enter one of the following values:
  • PLAIN
    . Use this value to configure plain SASL authentication for the Kafka client.
  • GSSAPI
    . Use this value to configure Kerberos authentication for the Kafka client.
  • OAUTHBEARER
    . Use this value to configure OAuth authentication for the Kafka client.
Default is
PLAIN
.
Jaas Config
The formatted JAAS configuration that the Kafka broker must use to authenticate the Kafka producer and the Kafka consumer.
  • To use the PLAIN SASL mechanism, you must specify the user name and password to connect to Kafka in the JAAS configuration.
    For example,
    org.apache.kafka.common.security.plain.PlainLoginModule required username="<value>" password="<value>";
  • To configure Kerberos authentication for the Kafka client, you must specify the keytab and principal details in the JAAS configuration.
    For example,
    com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="<path and file name of the keytab file on the Secure Agent machine>" serviceName="kafka" principal="kafka/<host_name>";
  • To configure OAuth authentication for the Kafka client, you must specify the additional properties in the JAAS configuration .
    For example,
    org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required clientId='<ClientID>' scope='<scope>' clientSecret='<clientSecret>' extension_logicalCluster='<logical cluster>' extension_identityPoolId='<identitypoolID>';
0 COMMENTS
We’d like to hear from you!