User Authentication

A secured instance of NiFi Registry cannot be accessed anonymously, so a method of user authentication must be configured.

Any secured instance of NiFi Registry supports authentication via client certificates that are trusted by the NiFi Registry's SSL Context Truststore. Alternatively, a secured NiFi Registry can be configured to authenticate users via username/password.

Username/password authentication is performed by an 'Identity Provider'. The Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Identity Provider to use is configured in the nifi-registry.properties file. Currently NiFi Registry offers Identity Providers for LDAP and Kerberos.

Identity Providers are configured using two properties in the nifi-registry.properties file:

  • The nifi.registry.security.identity.providers.configuration.file property specifies the configuration file where identity providers are defined. By default, the identity-providers.xml file located in the root installation conf directory is selected.

  • The nifi.registry.security.identity.provider property indicates which of the configured identity providers in the identity-providers.xml file to use. By default, this property is not configured, meaning that username/password authentication must be explicitly enabled.
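The following check is an added example, not part of the NiFi Registry documentation or code base: it confirms that the provider selected in nifi-registry.properties is actually defined in identity-providers.xml. The XML layout (provider elements carrying an identifier child), the identifier values and the sample file contents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILE_KEY = "nifi.registry.security.identity.providers.configuration.file"
PROVIDER_KEY = "nifi.registry.security.identity.provider"

# Constructed sample inputs (assumed layout, not taken from a real installation).
SAMPLE_PROPERTIES = """\
nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
nifi.registry.security.identity.provider=ldap-identity-provider
"""
SAMPLE_PROVIDERS_XML = """\
<identityProviders>
    <provider><identifier>ldap-identity-provider</identifier></provider>
    <provider><identifier>kerberos-identity-provider</identifier></provider>
</identityProviders>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def defined_providers(xml_text):
    """Return the set of non-empty <identifier> values declared in the XML."""
    root = ET.fromstring(xml_text)
    ids = {(p.findtext("identifier") or "").strip() for p in root.iter("provider")}
    return ids - {""}

def check_identity_provider(properties_text, providers_xml):
    """Return (status, detail) where status is 'disabled', 'ok' or 'undefined'."""
    props = parse_properties(properties_text)
    selected = props.get(PROVIDER_KEY, "")
    if not selected:
        # Property unset: username/password authentication is not enabled.
        return "disabled", "username/password login is not enabled"
    if selected in defined_providers(providers_xml):
        return "ok", selected
    # Selected name has no matching definition, e.g. a typo in the identifier.
    return "undefined", f"{selected!r} is not defined in {props.get(FILE_KEY, '?')}"

if __name__ == "__main__":
    print(check_identity_provider(SAMPLE_PROPERTIES, SAMPLE_PROVIDERS_XML))
```

In practice the two strings would be read from the files in the installation's conf directory; an "undefined" result points at a mismatch between the two files.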