0

I want to authenticate all MQTT subscribers on a topic with Solace using Basic Auth (username and password), but want publishers to send to that topic without authentication.

I configured basic auth and ACLs on a VPN, but that wants both my subscribers and publishers to use a username/password. Is it possible via any configuration to allow anyone to publish to a topic in Solace but only authenticated users to subscribe and listen on that topic?

2 Answers

1

Only one type of authentication is supported per Message VPN on the Solace VMR. It seems your use case requires both a basic authentication type of "None" as well as "Internal" to be supported.

One way to achieve this would be to create two Message VPNs, where the first uses a "None" type of basic authentication and allows anyone to publish a message without requiring a password and the other Message VPN uses an "Internal" type of authentication, where the user has to authenticate using a configured username and password in order to subscribe. You can set up a Message VPN bridge between the two Message VPNs which will permit messages published in one Message VPN to be delivered to the other Message VPN.

For added security, you can configure the ACL profiles in the Message VPN using "None" authentication to disallow all subscribing. This will prevent a subscribing user from connecting directly to this Message VPN without having to authenticate with a username and password.

Alexandra Masse
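A toy Python model of the two-VPN layout described in the answer above, added here as an illustration; it is not Solace configuration and not code from the answer's author. The class names, VPN names, topic and credentials are constructed, and the modelled bridge forwards every topic.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class MessageVpn:
    """Toy Message VPN: exactly one auth type, plus ACL default actions."""
    name: str
    auth_type: str                                   # "none" or "internal"
    users: dict = field(default_factory=dict)        # username -> password
    allow_subscribe: bool = True                     # ACL default for subscribe
    subscribers: dict = field(default_factory=dict)  # topic -> list of inboxes
    bridged_to: list = field(default_factory=list)   # VPNs fed by a bridge

    def connect(self, username=None, password=None):
        # Authentication happens once, at connect time, before any pub/sub.
        if self.auth_type == "internal":
            known = self.users.get(username)
            if known is None or not hmac.compare_digest(known, password or ""):
                raise PermissionError(f"{self.name}: authentication failed")
        return Session(self, username or "anonymous")

    def deliver(self, topic, payload):
        for inbox in self.subscribers.get(topic, []):
            inbox.append(payload)
        for remote in self.bridged_to:               # bridge forwards the message
            remote.deliver(topic, payload)

@dataclass
class Session:
    vpn: MessageVpn
    user: str

    def publish(self, topic, payload):
        self.vpn.deliver(topic, payload)

    def subscribe(self, topic):
        # Authorization is checked per operation, after authentication.
        if not self.vpn.allow_subscribe:
            raise PermissionError(f"{self.vpn.name}: subscribe denied by ACL")
        inbox = []
        self.vpn.subscribers.setdefault(topic, []).append(inbox)
        return inbox

def build_two_vpn_setup():
    # Constructed names and credentials, for illustration only.
    secure = MessageVpn("vpn-secure", "internal", users={"reader": "s3cret"})
    open_vpn = MessageVpn("vpn-open", "none", allow_subscribe=False,
                          bridged_to=[secure])
    return open_vpn, secure
```

Publishing anonymously on `vpn-open` reaches a subscriber that authenticated on `vpn-secure`, while an anonymous subscribe on `vpn-open` and an unauthenticated connect to `vpn-secure` are both refused.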
0

The problem here is the difference between Authentication and Authorisation.

MQTT authenticates the user at the time the client connects before it subscribes or publishes any messages.

Authorisation to publish/subscribe to topics takes place when that client then tries to either publish or subscribe, and is based on the authenticated user.

hardillb
  • Right!! But what I need is that any anonymous user can publish to a topic without authenticating itself, i.e. I don't even want to check its credentials, and allow anyone to write to a topic. But for subscription and reading messages, one should authenticate first and then be allowed to read messages. So anonymous write should be allowed and read by authenticated only. – Kanika Chandna Sep 08 '16 at 08:35