Administering Apache NiFi Registry
Also available as:
PDF

Security Properties

These properties pertain to various security features in NiFi Registry. Many of these properties are covered in more detail in the Security Configuration section of this Administrator's Guide.

Property

Description

nifi.registry.security.keystore

The full path and name of the keystore. It is blank by default.

nifi.registry.security.keystoreType

The keystore type. It is blank by default.

nifi.registry.security.keystorePasswd

The keystore password. It is blank by default.

nifi.registry.security.keyPasswd

The key password. It is blank by default.

nifi.registry.security.truststore

The full path and name of the truststore. It is blank by default.

nifi.registry.security.truststoreType

The truststore type. It is blank by default.

nifi.registry.security.truststorePasswd

The truststore password. It is blank by default.

nifi.registry.security.needClientAuth

This specifies that connecting clients must authenticate with a client cert. Setting this to false will specify that connecting clients may optionally authenticate with a client cert, but may also login with a username and password against a configured identity provider. The default value is true.

nifi.registry.security.authorizers.configuration.file

This is the location of the file that specifies how authorizers are defined. The default value is ./conf/authorizers.xml.

nifi.registry.security.authorizer

Specifies which of the configured Authorizers in the authorizers.xml file to use. By default, it is set to managed-authorizer.

nifi.registry.security.identity.providers.configuration.file

This is the location of the file that specifies how username/password authentication is performed. This file is only considered if nifi.registry.security.identity.provider is configured with a provider identifier. The default value is ./conf/identity-providers.xml.

nifi.registry.security.identity.provider

This indicates what type of identity provider to use. The default value is blank, can be set to the identifier from a provider in the file specified in nifi.registry.security.identity.providers.configuration.file. Setting this property will trigger NiFi Registry to support username/password authentication.