Configure a Kafka sync destination

Use the dsconfig command or the administrative console to configure PingDataSync to synchronize changes to an Apache Kafka environment.

PingDataSync supports synchronization of single and multivalued attributes to Kafka. You can reuse existing Ping Identity sync sources that were created for other Sync Pipes.

To view an example configuration, see the file located at <server-root>/config/sample-dsconfig-batch-files/reference-sync-pingdirectory-to-kafka.dsconfig.

To configure Kerberos authentication for a Kafka sync destination, supply the producer-property attribute with the appropriate values according to the Apache Kafka documentation.

The following objects are required to configure a Kafka sync destination:

Kafka cluster external server – Defines the procedure for connecting to a Kafka cluster. The Kafka cluster external server can be referenced from multiple Kafka sync destination configuration objects. The only required property is bootstrap-server, which identifies some of the Kafka brokers in the environment.

When use-ssl is set to true, the following configuration changes are made:
- A trust-manager-provider is configured to validate the Kafka broker’s SSL certificate.
- A key-manager-provider is configured to let the Kafka broker authenticate the PingDataSync Kafka producer.
Kafka sync destination – References the Kafka cluster external server. The Kafka sync destination must specify the name of the topic to use for publishing messages.

To adjust Kafka messages beyond the mapping, attribute filtering, and other configuration changes that PingDataSync makes, reference one or more of the KafkaSyncDestinationPlugin extension points that are implemented by using the Server SDK.

Run the prepare-endpoint-server command for the PingDirectory sync source.

SSL configuration

The following table identifies the trust-manager-provider and key-manager-provider properties of the Kafka cluster external server configuration object, as well as the Kafka configuration properties to which they map.

Configuration Object Type Configuration Property Kafka Configuration Property

Configuration Object Type	Configuration Property	Kafka Configuration Property
File-based Trust Manager Provider	`trust-store-file`	`ssl.truststore.location`
File-based Trust Manager Provider	`trust-store-pin`, `trust-store-pin-property`, `trust-store-pin-environment-variable`, or `trust-store-pin-file`	`ssl.truststore.password`
File-based Key Manager Provider	`key-store-file`	`ssl.keystore.location`
File-based Key Manager Provider	`key-store-pin`, `key-store-pin-property`, `key-store-pin-environment-variable`, or `key-store-pin-file`	`ssl.keystore.password`
File-based Key Manager Provider	`private-key-pin`, `private-key-pin-property`, `private-key-pin-environment-variable`, or `private-key-pin-file`	`ssl.key.password`

File-based Trust Manager Provider

trust-store-file

ssl.truststore.location

File-based Trust Manager Provider

trust-store-pin, trust-store-pin-property, trust-store-pin-environment-variable, or trust-store-pin-file

ssl.truststore.password

File-based Key Manager Provider

key-store-file

ssl.keystore.location

File-based Key Manager Provider

key-store-pin, key-store-pin-property, key-store-pin-environment-variable, or key-store-pin-file

ssl.keystore.password

File-based Key Manager Provider

private-key-pin, private-key-pin-property, private-key-pin-environment-variable, or private-key-pin-file

ssl.key.password