You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Curtis Ruck (JIRA)" <ji...@apache.org> on 2018/08/10 12:44:00 UTC
[jira] [Created] (NIFI-5508) Support disabling wantClientAuth when
running behind a reverse proxy.
Curtis Ruck created NIFI-5508:
---------------------------------
Summary: Support disabling wantClientAuth when running behind a reverse proxy.
Key: NIFI-5508
URL: https://issues.apache.org/jira/browse/NIFI-5508
Project: Apache NiFi
Issue Type: Bug
Components: Security
Affects Versions: 1.7.1, 1.7.0
Environment: Reverse Proxy & trying to use other credential provider when the reverse proxy provides a client certificate itself.
Reporter: Curtis Ruck
As discussed on mailing list.
JettyServer always calls either setNeedClientAuth(true) or setWantClientAuth(true).
When used with a reverse proxy that has a client certificate, it is impossible currently to use other credential providers as the X509 authentication takes precedence.
Adding the ability to disable wantClientAuth via a NiFi property would enable the ability to leverage existing SSO solutions behind a reverse proxy.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)