Posted to issues@nifi.apache.org by "Misha Wakerman (JIRA)" <ji...@apache.org> on 2017/04/10 02:07:41 UTC

[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance

    [ https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15962361#comment-15962361 ] 

Misha Wakerman commented on NIFI-3684:
--------------------------------------

Tagging [~andrewmlim] and [~alopresto] from NIFI-3480.

> Make docs more explicit about anonymous access to a secured instance
> --------------------------------------------------------------------
>
>                 Key: NIFI-3684
>                 URL: https://issues.apache.org/jira/browse/NIFI-3684
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation & Website
>    Affects Versions: 1.1.1
>            Reporter: Misha Wakerman
>            Priority: Trivial
>              Labels: documentation, security
>
> Currently the [User Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication] section of the NiFi docs is unclear about when Anonymous user access is possible with a secured NiFi instance.
> Specifically, it should be mentioned that: "A secured instance of NiFi cannot be accessed anonymously unless configured to use an LDAP or Kerberos Login Identity Provider which in turn must be configured to explicitly allow anonymous access." That is, that Anonymous access is not possible by the (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without LDAP/Kerberos on a secured instance.
> Also, in the [|] section of the docs (which appears before the User Authentication section), this paragraph is not clear about when anonymous access is possible (and is generally not that clear, period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to require certificate based client authentication for users accessing the User Interface. In order to do this it must be configured to not support username/password authentication (see below). Either of these options will configure the web server to WANT certificate based client authentication. This will allow it to support users with certificates and those without that may be logging in with their credentials or those accessing anonymously. If username/password authentication and anonymous access are not configured, the web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)