You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by "belvey@163.com" <be...@163.com> on 2017/07/21 06:02:23 UTC
why cant nifi perform user authentication over http?
Hello, I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
Thanks for your early reply.
Best Regards
Re: why cant nifi perform user authentication overhttp���
Posted by Sam Feng <ol...@gmail.com>.
On 2017-07-21 19:07 (+0800), Kevin Doran <kd...@gmail.com> wrote:
> Hi,
>
> You are correct, NiFi requires an encrypted connection for user authentication. This is because client identity is established in one of two ways:
>
> - user name & password, which should not be sent over a non-encrypted connection
> - client certificate in a two-way TLS (HTTPS) connection
>
> I hope this answers your question. If HTTPS is suitable for your needs, here are some resources to help you get started:
>
> - NiFi System Administration Guide, specifically sections on User Authentication [1] and Multi-Tenant Authorization [2]
> - Bryan Bende's blog post on NiFi Authorization and Multi-Tenancy [3]
>
> I hope this helps! If you have any questions you can post back to this thread.
>
> Regards,
> Kevin
>
> [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
> [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization
> [3] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy
>
>
> On 7/21/17, 02:02, "belvey@163.com" <be...@163.com> wrote:
>
>
> Helloï¼ I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
>
> Thanks for your early reply.
> Best Regards
>
>
>
>
>
>
Re: why cant nifi perform user authentication overhttp���
Posted by Sam Feng <ol...@gmail.com>.
Hello Kevinï¼
Your answers helps me a lot. Now i am trying to modify nifi`s sourcecode to enable http authentication, because the platform where i am using nifi is not that sensitive about security, and we use ldap as login-identity-providers whitch password is already encrypted by an unique key.
But i find it difficult to modify it`s sourceCode. there so many places that limit login and authentication from http, and i have to edit all of it, which will certainly take a lot of time to find them.
Do you have any idea on how to modify nifi`s code more efficiently, or if there are some other way to get what i want.
As you can see my English is poor, thanks for you patience.
Thanks for your reply.
Best Regards
YuNing
On 2017-07-21 19:07 (+0800), Kevin Doran <kd...@gmail.com> wrote:
> Hi,
>
> You are correct, NiFi requires an encrypted connection for user authentication. This is because client identity is established in one of two ways:
>
> - user name & password, which should not be sent over a non-encrypted connection
> - client certificate in a two-way TLS (HTTPS) connection
>
> I hope this answers your question. If HTTPS is suitable for your needs, here are some resources to help you get started:
>
> - NiFi System Administration Guide, specifically sections on User Authentication [1] and Multi-Tenant Authorization [2]
> - Bryan Bende's blog post on NiFi Authorization and Multi-Tenancy [3]
>
> I hope this helps! If you have any questions you can post back to this thread.
>
> Regards,
> Kevin
>
> [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
> [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization
> [3] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy
>
>
> On 7/21/17, 02:02, "belvey@163.com" <be...@163.com> wrote:
>
>
> Helloï¼ I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
>
> Thanks for your early reply.
> Best Regards
>
>
>
>
>
>
how can i enable nifi to perform user authentication overhttp���
Posted by Sam Feng <ol...@gmail.com>.
Hello Kevinï¼
Your answers helps me a lot. Now i am trying to modify nifi`s sourcecode to enable http authentication, because the platform where i am using nifi is not that sensitive about security, and we use ldap as login-identity-providers whitch password is already encrypted by an unique key.
But i find it difficult to modify it`s sourceCode. there so many places that limit login and authentication from http, and i have to edit all of it, which will certainly take a lot of time to find them.
Do you have any idea on how to modify nifi`s code more efficiently, or if there are some other way to get what i want.
As you can see my English is poor, thanks for you patience.
Thanks for your reply.
Best Regards
YuNing
On 2017-07-21 19:07 (+0800), Kevin Doran <kd...@gmail.com> wrote:
> Hi,
>
> You are correct, NiFi requires an encrypted connection for user authentication. This is because client identity is established in one of two ways:
>
> - user name & password, which should not be sent over a non-encrypted connection
> - client certificate in a two-way TLS (HTTPS) connection
>
> I hope this answers your question. If HTTPS is suitable for your needs, here are some resources to help you get started:
>
> - NiFi System Administration Guide, specifically sections on User Authentication [1] and Multi-Tenant Authorization [2]
> - Bryan Bende's blog post on NiFi Authorization and Multi-Tenancy [3]
>
> I hope this helps! If you have any questions you can post back to this thread.
>
> Regards,
> Kevin
>
> [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
> [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization
> [3] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy
>
>
> On 7/21/17, 02:02, "belvey@163.com" <be...@163.com> wrote:
>
>
> Helloï¼ I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
>
> Thanks for your early reply.
> Best Regards
>
>
>
>
>
>
Re: why cant nifi perform user authentication overhttp?
Posted by Kevin Doran <kd...@gmail.com>.
Hi,
You are correct, NiFi requires an encrypted connection for user authentication. This is because client identity is established in one of two ways:
- user name & password, which should not be sent over a non-encrypted connection
- client certificate in a two-way TLS (HTTPS) connection
I hope this answers your question. If HTTPS is suitable for your needs, here are some resources to help you get started:
- NiFi System Administration Guide, specifically sections on User Authentication [1] and Multi-Tenant Authorization [2]
- Bryan Bende's blog post on NiFi Authorization and Multi-Tenancy [3]
I hope this helps! If you have any questions you can post back to this thread.
Regards,
Kevin
[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
[2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization
[3] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy
On 7/21/17, 02:02, "belvey@163.com" <be...@163.com> wrote:
Hello, I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
Thanks for your early reply.
Best Regards
Re: Re: how can i enable nifi to perform user authentication over http?
Posted by "belvey@163.com" <be...@163.com>.
Got it, thank you.
Best Regards
YuNing
发件人: Joe Witt
发送时间: 2017-07-24 10:10
收件人: dev
主题: Re: how can i enable nifi to perform user authentication over http?
<with your email on bcc>
Hello
Please subscribe [1] to the mailing list so that you can more easily
see the responses. You did receive a response [2] to your original
request.
[1] https://nifi.apache.org/mailing_lists.html
[2] https://lists.apache.org/thread.html/545c5f59a13a38554d4c9b99df8b4a378b1cef714c9ed78582cb25a2@%3Cdev.nifi.apache.org%3E
Thanks
Joe
On Sun, Jul 23, 2017 at 9:41 PM, belvey@163.com <be...@163.com> wrote:
>
> Hello, I had ping this email days ago without response, and here i am. I would appreciate it if you can give me any idea on how to enable user authentication and authorization over http(any possibility on modifiy it's sorce code?).
> Your response will be very helpful for me, because https is much too heavy for our platform, and i realy need to know if authentication over http is practicable.
>
> Thanks for your early reply.
> Best Regards
>
> 发件人: belvey@163.com
> 发送时间: 2017-07-21 14:02
> 收件人: dev
> 主题: why cant nifi perform user authentication over http?
>
> Hello, I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
>
> Thanks for your early reply.
> Best Regards
>
>
Re: how can i enable nifi to perform user authentication over http?
Posted by Joe Witt <jo...@gmail.com>.
<with your email on bcc>
Hello
Please subscribe [1] to the mailing list so that you can more easily
see the responses. You did receive a response [2] to your original
request.
[1] https://nifi.apache.org/mailing_lists.html
[2] https://lists.apache.org/thread.html/545c5f59a13a38554d4c9b99df8b4a378b1cef714c9ed78582cb25a2@%3Cdev.nifi.apache.org%3E
Thanks
Joe
On Sun, Jul 23, 2017 at 9:41 PM, belvey@163.com <be...@163.com> wrote:
>
> Hello, I had ping this email days ago without response, and here i am. I would appreciate it if you can give me any idea on how to enable user authentication and authorization over http(any possibility on modifiy it's sorce code?).
> Your response will be very helpful for me, because https is much too heavy for our platform, and i realy need to know if authentication over http is practicable.
>
> Thanks for your early reply.
> Best Regards
>
> 发件人: belvey@163.com
> 发送时间: 2017-07-21 14:02
> 收件人: dev
> 主题: why cant nifi perform user authentication over http?
>
> Hello, I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
>
> Thanks for your early reply.
> Best Regards
>
>
how can i enable nifi to perform user authentication over http?
Posted by "belvey@163.com" <be...@163.com>.
Hello, I had ping this email days ago without response, and here i am. I would appreciate it if you can give me any idea on how to enable user authentication and authorization over http(any possibility on modifiy it's sorce code?).
Your response will be very helpful for me, because https is much too heavy for our platform, and i realy need to know if authentication over http is practicable.
Thanks for your early reply.
Best Regards
发件人: belvey@163.com
发送时间: 2017-07-21 14:02
收件人: dev
主题: why cant nifi perform user authentication over http?
Hello, I am a developer from china, i recently want to apply multi-tenant authorization on nifi, but find that nifi doesn't support authorization over http. can you tell me the reason, and can i enable authentication over http by modify it's source code.
Thanks for your early reply.
Best Regards