You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by Sam Feng <ol...@gmail.com> on 2017/07/25 02:58:49 UTC

how can i enable nifi to perform user authentication overhttp���

Hello Kevin,

   Your answers helps me a lot.  Now i am trying to modify nifi`s sourcecode to enable http authentication, because the platform where i am using nifi is not that sensitive about security, and we use ldap as login-identity-providers whitch password is already encrypted by an unique key. 
    But i find it difficult to modify it`s sourceCode. there so many places that limit login and authentication from http, and i have to edit all of it, which will certainly take a lot of time to find them.  
    Do you have any idea on how to modify nifi`s code more efficiently, or if there are  some other way to get what i want.
   
    As you can see my English is poor, thanks for you patience. 

Thanks for your reply.
Best Regards
YuNing



On 2017-07-21 19:07 (+0800), Kevin Doran <kd...@gmail.com> wrote: 
> Hi,
> 
> You are correct, NiFi requires an encrypted connection for user authentication. This is because client identity is established in one of two ways:
> 
> - user name & password, which should not be sent over a non-encrypted connection
> - client certificate in a two-way TLS (HTTPS) connection
> 
> I hope this answers your question. If HTTPS is suitable for your needs, here are some resources to help you get started:
> 
> - NiFi System Administration Guide, specifically sections on User Authentication [1] and Multi-Tenant Authorization [2]
> - Bryan Bende's blog post on NiFi Authorization and Multi-Tenancy [3]
> 
> I hope this helps! If you have any questions you can post back to this thread.
> 
> Regards,
> Kevin
> 
> [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication 
> [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization 
> [3] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy 
> 
> 
> On 7/21/17, 02:02, "belvey@163.com" <be...@163.com> wrote:
> 
>     
>         Hello, I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
>         
>     Thanks for your early reply.
>     Best Regards
>         
>     
>     
> 
> 
>