SamlAuth specifies SAML-based single sign-on authentication related configurations.

entityID string

entityID is the entity id of the service provider (that is, NiFi). This value is used as the Issuer for SAML authentication requests and has to be a valid URI. In some cases the service provider entity id must be registered ahead of time with the identity provider.

idpMetadataSecretName string

idpMetadataSecretName is the name of a secret which contains the identity provider’s metadata in SAML format. The SAML metadata should be under the sso-idp-metadata.xml key.

identityAttributeName string (Optional)

identityAttributeName is the name of a SAML assertion attribute containing the user’s identity. This property is optional and if either not specified or if the attribute is not found, then the NameID of the Subject is used.

groupAttributeName string (Optional)

groupAttributeName is the name of a SAML assertion attribute containing group names the user belongs to. This property is optional, but if populated the groups are passed along to the authorization process.

singleLogoutEnabled bool (Optional)

singleLogoutEnabled enables SAML SingleLogout which causes a logout from NiFi to logout of the identity provider. By default, a logout of NiFi only removes the NiFi JSON Web Token (JWT).