Configuring single user authentication

Single user authentication is NiFi’s most basic authentication option, sufficient for development clusters. A single user is granted all permissions on the NiFi cluster, no other users can be configured.

To configure single user authentication, you need to specify it in loginIdentityProviders and you need to make overrides to the nifi.properties configuration file:

spec:
  security:
    customAuthorizer:
      identifier: single-user-authorizer
      className: org.apache.nifi.authorization.single.user.SingleUserAuthorizer
  configOverride:
    loginIdentityProviders: |
      <loginIdentityProviders>
        <provider>
          <identifier>single-user-provider</identifier>
          <class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class>
          <property name="Username">[***SINGLE USER NAME***]</property>
          <property name="Password">[***HASHED PASSWORD**]</property>
        </provider>
      </loginIdentityProviders>
    nifiProperties:
      upsert:
        nifi.security.user.authorizer: single-user-authorizer
        nifi.security.user.login.identity.provider: single-user-provider

Replace:

  • [***SINGLE USER NAME***] with your desired username

  • [***HASHED PASSWORD***] with a hash of your password. You can use the cfmctl CLI tool to generate this hash using the single-user-credential command.