SASL Authentication Error when connect to confluent cloud

HI,
I just opened new account, and tried to connect to the cluster(confluent cloud standard). I’m using python 3.6, confluent-kafka 1.7.0 (SASL_SSL, PLAIN).

I’m getting the following error when I’m trying to connect to my cluster:

%3|1634248587.171|FAIL|schedule-1#producer-1| [thrd:sasl_ssl://xxx.us-west-2.aws.confluent.cloud:9092/bootstr]: sasl_ssl://xxx.us-west-2.aws.confluent.cloud:9092/bootstrap: SASL authentication error: Authentication failed (after 5104ms in state AUTH_REQ)

python code:# Kafka
bootstrap.servers=xxx.us-west-2.aws.confluent.cloud:9092
security.protocol=SASL_SSL
sasl.mechanisms=PLAIN
sasl.username={{ CLUSTER_API_KEY }}
sasl.password={{ CLUSTER_API_SECRET }}

#not using schema registry
Thanks for your tips

Hi,

did you try to telnet the port whether it’s reachable from your env?
just to be sure that there is no network issue

something like

telnet xxx.us-west-2.aws.confluent.cloud 9092

The same bootstrap_servers had worked earlier using an account with my personal credit card and cluster I created for testing purpose.
I started to see this error when we closed my old account and created a new account(linked to corporate AWS account) by my coworker. The two clusters, the one from my old account and the one created by my coworker, share the same bootstrap.servers url (us-west-2). I have used the sasl_user and sasl_password from the new account though.
if I run "openssl " against the bootstrap url, I can reach the server and output the certificate.
Thanks

ok I see so it seems not related to network issues

does the cluser version differ?

best,
Michael

My old one (worked, personal account) was “basic” subscription, and the current subscription(failing SASL, corporate account) is “standard” subscription. They share the same bootstrap urls(from us-west-2), so I guess the cluster versions should be the same.
Thanks

ok understand

just to be sure did you double check the docs:
https://docs.confluent.io/cloud/current/client-apps/config-client.html#librdkafka-based-c-clients

especially

  • In the Cloud Console, on the Environment Overview page, click Clusters and select your cluster from the list.
  • From the navigation menu, click Data In/Out → Clients . Click C/C++ and insert the following configuration settings into your client code.

Using key/secret generated by ccloud cli helped me resolve the issue.
Thanks for your tips

1 Like