User Authentication
A secured instance of NiFi Registry cannot be accessed anonymously, so a method of user authentication must be configured.
Note: NiFi Registry does not perform user authentication over HTTP. Using HTTP, all users will have full permissions.
Any secured instance of NiFi Registry supports authentication via client certificates that are trusted by the NiFi Registry's SSL Context Truststore. Alternatively, a secured NiFi Registry can be configured to authenticate users via username/password.
Username/password authentication is performed by an 'Identity Provider'. The Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Identity Provider to use is configured in the nifi-registry.properties file. Currently NiFi Registry offers Identity Providers for LDAP and Kerberos.
Identity Providers are configured using two properties in the 'nifi-registry.properties' file:
- The `nifi.registry.security.identity.providers.configuration.file` property specifies the configuration file where identity providers are defined. By default, the 'identity-providers.xml' file located in the root installation conf directory is selected.
- The `nifi.registry.security.identity.provider` property indicates which of the configured identity providers in the 'identity-providers.xml' file to use. By default, this property is not configured, meaning that username/password must be explicitly enabled.
Note: NiFi Registry can only be configured to use one Identity Provider at a given time.
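The following check is an added example, not part of the NiFi Registry documentation or code base. It reads the two properties described above and reports when the selected provider is missing from the providers file, when no provider is selected, or when an HTTP port is enabled. It assumes the `nifi.registry.web.http.port` property (not named on this page), a providers file made of `<provider>` elements with an `<identifier>` child, and constructed sample inputs.

```python
import xml.etree.ElementTree as ET

PROVIDERS_FILE_KEY = "nifi.registry.security.identity.providers.configuration.file"
PROVIDER_KEY = "nifi.registry.security.identity.provider"
HTTP_PORT_KEY = "nifi.registry.web.http.port"  # not named on this page

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_PROPS = """\
nifi.registry.web.http.port=
nifi.registry.web.https.port=18443
nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
nifi.registry.security.identity.provider=ldap-identity-provider
"""
SAMPLE_XML = """\
<identityProviders>
  <provider>
    <identifier>ldap-identity-provider</identifier>
    <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
  </provider>
</identityProviders>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_login_config(props_text, providers_xml):
    """Return findings about the username/password login configuration."""
    props = parse_properties(props_text)
    findings = []
    if props.get(HTTP_PORT_KEY):
        findings.append("HTTP port set: no user authentication, all users have full permissions")
    selected = props.get(PROVIDER_KEY, "")
    if not selected:
        findings.append("no identity provider selected: username/password login is not enabled")
        return findings
    # Assumed layout: <provider> elements that each carry an <identifier> child.
    root = ET.fromstring(providers_xml)
    defined = [p.findtext("identifier", "").strip() for p in root.iter("provider")]
    if selected not in defined:
        where = props.get(PROVIDERS_FILE_KEY, "identity-providers.xml")
        findings.append(f"provider '{selected}' is not defined in {where}")
    return findings

if __name__ == "__main__":
    print(audit_login_config(SAMPLE_PROPS, SAMPLE_XML) or "no findings")
```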