SAML
To enable authentication via SAML the following properties must be configured in nifi.properties.
Property Name | Description |
---|---|
|
The URL for obtaining the identity provider's metadata. The metadata can be
retrieved from the identity provider via |
|
The entity id of the service provider (i.e. NiFi). This value will be used
as the |
|
The name of a SAML assertion attribute containing the user'sidentity. This property is optional and if not specified, or if the attribute is not found, then the NameID of the Subject will be used. |
|
The name of a SAML assertion attribute containing group names the user belongs to. This property is optional, but if populated the groups will be passed along to the authorization process. |
|
Enables signing of the generated service provider metadata. |
|
Controls the value of |
|
Controls the value of |
|
The algorithm to use when signing SAML messages. Reference the Open SAML Signature Constants for a list of valid values. If not specified, a default of SHA-256 will be used. |
|
The digest algorithm to use when signing SAML messages. Reference the Open SAML Signature Constants for a list of valid values. If not specified, a default of SHA-256 will be used. |
|
Enables logging of SAML messages for debugging purposes. |
|
The expiration of the NiFi JWT that will be produced from a successful SAML authentication response. |
|
Enables SAML SingleLogout which causes a logout from NiFi to logout of the identity provider. By default, a logout of NiFi will only remove the NiFi JWT. |
|
The truststore strategy when the IDP metadata URL begins with https. A value
of |
|
The connection timeout when communicating with the SAML IDP. |
|
The read timeout when communicating with the SAML IDP. |