A secured instance of NiFi Registry cannot be accessed anonymously, so a method of user authentication must be configured.
Any secured instance of NiFi Registry supports authentication via client certificates that are trusted by the NiFi Registry's SSL Context Truststore. Alternatively, a secured NiFi Registry can be configured to authenticate users via username/password.
Username/password authentication is performed by an 'Identity Provider'. The Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Identity Provider to use is configured in the nifi-registry.properties file. Currently NiFi Registry offers Identity Providers for LDAP and Kerberos.
Identity Providers are configured using two properties in the nifi-registry.properties file:
nifi.registry.security.identity.providers.configuration.fileproperty specifies the configuration file where identity providers are defined. By default, the identity-providers.xml file located in the root installation
confdirectory is selected.
nifi.registry.security.identity.providerproperty indicates which of the configured identity providers in the identity-providers.xml file to use. By default, this property is not configured meaning that username/password must be explicitly enabled.