User Authentication
A secured instance of NiFi Registry cannot be accessed anonymously, so a method of user authentication must be configured.
NiFi Registry does not perform user authentication over HTTP. Using HTTP, all users will have full permissions.
Any secured instance of NiFi Registry supports authentication via client certificates that are trusted by the NiFi Registry's SSL Context Truststore. Alternatively, a secured NiFi Registry can be configured to authenticate users via username/password.
Username/password authentication is performed by an Identity Provider. The Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Identity Provider to use is configured in the nifi-registry.properties file. Currently NiFi Registry offers Identity Providers for LDAP and Kerberos.
Identity Providers are configured using two properties in the nifi-registry.properties file:
The nifi.registry.security.identity.providers.configuration.file property specifies the configuration file where identity providers are defined. By default, the identity-providers.xml file located in the root installation conf directory is selected.
The nifi.registry.security.identity.provider property indicates which of the configured identity providers in the identity-providers.xml file to use. By default, this property is not configured, meaning that username/password must be explicitly enabled.
NiFi Registry can only be configured to use one Identity Provider at a given time.