This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 52f270aa11 NIFI-15287 Deprecated Kerberos Login Identity Provider for
Removal
52f270aa11 is described below
commit 52f270aa11fa04817b3054eb772ea41e52a09cac
Author: exceptionfactory <[email protected]>
AuthorDate: Tue Dec 2 12:41:14 2025 -0600
NIFI-15287 Deprecated Kerberos Login Identity Provider for Removal
Signed-off-by: Pierre Villard <[email protected]>
This closes #10593.
---
nifi-docs/src/main/asciidoc/administration-guide.adoc | 2 ++
.../nifi-kerberos-iaa-providers/pom.xml | 5 +++++
.../src/main/java/org/apache/nifi/kerberos/KerberosProvider.java | 6 ++++++
.../src/main/resources/conf/login-identity-providers.xml | 1 +
4 files changed, 14 insertions(+)
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc
b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 65502c3044..869431aab0 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -503,6 +503,8 @@ NOTE: For changes to _nifi.properties_ and
_login-identity-providers.xml_ to tak
[[kerberos_login_identity_provider]]
=== Kerberos
+NOTE: The Kerberos Provider is deprecated for removal in subsequent releases.
+
Below is an example and description of configuring a Login Identity Provider
that integrates with a Kerberos Key Distribution Center (KDC) to authenticate
users.
Set the following in _nifi.properties_ to enable Kerberos username/password
authentication:
diff --git
a/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/pom.xml
b/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/pom.xml
index 8a61ba8858..5383f7498b 100644
---
a/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/pom.xml
+++
b/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/pom.xml
@@ -28,6 +28,11 @@
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-framework-api</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-deprecation-log</artifactId>
+ <version>2.7.0-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-utils</artifactId>
diff --git
a/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
b/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
index a467a3877b..35fce3f003 100644
---
a/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
+++
b/nifi-framework-bundle/nifi-framework-extensions/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
@@ -26,6 +26,8 @@ import
org.apache.nifi.authentication.exception.IdentityAccessException;
import
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.authentication.exception.ProviderDestructionException;
+import org.apache.nifi.deprecation.log.DeprecationLogger;
+import org.apache.nifi.deprecation.log.DeprecationLoggerFactory;
import org.apache.nifi.kerberos.parser.KerberosPrincipalParser;
import org.apache.nifi.util.FormatUtils;
import org.slf4j.Logger;
@@ -45,6 +47,8 @@ public class KerberosProvider implements
LoginIdentityProvider {
private static final Logger logger =
LoggerFactory.getLogger(KerberosProvider.class);
+ private static final DeprecationLogger deprecationLogger =
DeprecationLoggerFactory.getLogger(KerberosProvider.class);
+
private KerberosAuthenticationProvider provider;
private String issuer;
private String defaultRealm;
@@ -57,6 +61,8 @@ public class KerberosProvider implements
LoginIdentityProvider {
@Override
public final void onConfigured(final
LoginIdentityProviderConfigurationContext configurationContext) throws
ProviderCreationException {
+ deprecationLogger.warn("Kerberos Provider is deprecated for removal");
+
final String rawExpiration =
configurationContext.getProperty("Authentication Expiration");
if (StringUtils.isBlank(rawExpiration)) {
throw new ProviderCreationException("The Authentication Expiration
must be specified.");
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml
b/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml
index f7eac86853..b57017bd33 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml
+++
b/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml
@@ -111,6 +111,7 @@
</provider>
To enable the ldap-provider remove 2 lines. This is 2 of 2. -->
+ <!-- NOTE: The Kerberos Provider is deprecated for removal in subsequent
releases -->
<!--
Identity Provider for users logging in with username/password against
a Kerberos KDC server.
