Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I'm having trouble with 'Cannot change principals during re-authentication from A: B' #104

Open
ksundong opened this issue Feb 1, 2023 · 4 comments
Open

I'm having trouble with 'Cannot change principals during re-authentication from A: B' #104

ksundong opened this issue Feb 1, 2023 · 4 comments

Comments

@ksundong
Copy link

ksundong commented Feb 1, 2023

Environment

  • org.apache.kafka:kafka-clients:3.1.1
  • software.amazon.msk:aws-msk-iam-auth:1.1.5
  • org.springframework.cloud:spring-cloud-stream:3.2.1
  • org.springframework.cloud:spring-cloud-stream-binder-kafka:3.2.1
  • org.springframework.boot:spring-boot:2.7.1

Log

server 2023-01-31 14:05:26.312 ERROR 7 --- [container-0-C-1] o.s.k.l.KafkaMessageListenerContainer   :149 : Authentication/Authorization Exception, retrying in 10000 ms
server
server org.apache.kafka.common.errors.SaslAuthenticationException: Cannot change principals during re-authentication from A: B
  • Why server cannot change A to B?
  • How can I fix it?
@ksundong ksundong changed the title I'm having trouble with Cannot change principals during re-authentication from A B I'm having trouble with 'Cannot change principals during re-authentication from A: B' Feb 1, 2023
@amplexus
Copy link

Set AWS_ROLE_SESSION_NAME. See jmaver-plume/kafkajs-msk-iam-authentication-mechanism#20 for more info.

@ksundong
Copy link
Author

@amplexus
I'll try it, thanks.

@hameno
Copy link

hameno commented Sep 10, 2024

Surely this should not be needed to manually configure, no?

@taer taer mentioned this issue Sep 10, 2024
Open
@taer
Copy link

taer commented Sep 10, 2024

This pops up also when you use EKS-pod-identity and the session name changes. And you can't as of now set a static session name. Would it be possible to relax the sessionName aspect of the "principals change"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hameno @taer @amplexus @ksundong