You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Curtis Ruck (JIRA)" <ji...@apache.org> on 2018/08/10 12:44:00 UTC

[jira] [Created] (NIFI-5508) Support disabling wantClientAuth when running behind a reverse proxy.

Curtis Ruck created NIFI-5508:
---------------------------------

             Summary: Support disabling wantClientAuth when running behind a reverse proxy.
                 Key: NIFI-5508
                 URL: https://issues.apache.org/jira/browse/NIFI-5508
             Project: Apache NiFi
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.7.1, 1.7.0
         Environment: Reverse Proxy & trying to use other credential provider when the reverse proxy provides a client certificate itself.
            Reporter: Curtis Ruck


As discussed on mailing list.

JettyServer always calls either setNeedClientAuth(true) or setWantClientAuth(true).

When used with a reverse proxy that has a client certificate, it is impossible currently to use other credential providers as the X509 authentication takes precedence.

Adding the ability to disable wantClientAuth via a NiFi property would enable the ability to leverage existing SSO solutions behind a reverse proxy.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)