[ https://issues.apache.org/jira/browse/NIFI-7765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17186547#comment-17186547 ]

Bryan Bende commented on NIFI-7765:
-----------------------------------

There are currently two ways to use the CLI...

1) Direct client cert

In this case you would generate a client cert with a DN like "CN=my-cli-user, 
OU=NIFI" (or something), and you would have to go into the NiFi Web UI using your 
OIDC user, and add a new user with the identity "CN=my-cli-user, OU=NIFI".

2) Proxied entity

In this case, typically you would take the keystore and truststore from the NiFi 
server, and use those in the CLI, and then specify the proxiedEntity as your 
OIDC user.

Both of these are described here:

[https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#security-configuration]

Also, if you got the anonymous user, then it likely means you didn't correctly 
configure the CLI to use a certificate.

 

> Toolkit CLI OpenID Connect Support
> ----------------------------------
>
>                 Key: NIFI-7765
>                 URL: https://issues.apache.org/jira/browse/NIFI-7765
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.11.4
>         Environment: CentOS Linux 7
>            Reporter: W Chang
>            Priority: Major
>              Labels: Authentication, CLI, Connect, OIDC, OpenID
>
> When a NiFi or a Registry instance is configured for OpenID Connect 
> authentication, a user cannot authenticate to the secure NiFi or the secure 
> Registry using Toolkit CLI to use CLI commands.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
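
The check below is an added example, not part of the comment above and not NiFi project code. It reads a Toolkit CLI properties file and reports which of the two modes described in the comment it selects, or whether no certificate is configured (the anonymous-user case). Property names follow the CLI properties file in the linked Toolkit Guide; the function names, host, paths and identities are constructed placeholders.

```python
# Added example: classify a NiFi Toolkit CLI properties file by auth mode.
# Values in the samples below are constructed placeholders, not real settings.
TLS_KEYS = ("keystore", "keystoreType", "keystorePasswd",
            "truststore", "truststoreType", "truststorePasswd")

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def classify(text):
    """Return (mode, missing_tls_keys) for a CLI properties file."""
    props = parse_properties(text)
    missing = [k for k in TLS_KEYS if not props.get(k)]
    if not props.get("keystore"):
        # No client certificate is presented, so the server sees "anonymous",
        # even when proxiedEntity is set.
        return "anonymous", missing
    if props.get("proxiedEntity"):
        # The keystore identity (e.g. the NiFi server's) acts on behalf of
        # the proxiedEntity user.
        return "proxied-entity", missing
    # The keystore DN itself must exist as a user in NiFi.
    return "direct-client-cert", missing

_TLS = """keystore=/path/to/{name}-keystore.jks
keystoreType=JKS
keystorePasswd=PLACEHOLDER
truststore=/path/to/truststore.jks
truststoreType=JKS
truststorePasswd=PLACEHOLDER
"""
BASE = "baseUrl=https://nifi.example.com:8443\n"
SAMPLE_DIRECT = BASE + _TLS.format(name="my-cli-user")
SAMPLE_PROXIED = (BASE + _TLS.format(name="nifi-server")
                  + "proxiedEntity=oidc-user@example.com\n")
SAMPLE_NO_CERT = (BASE + "# keystore=/path/to/keystore.jks\n"
                  + "proxiedEntity=oidc-user@example.com\n")

if __name__ == "__main__":
    for name in ("SAMPLE_DIRECT", "SAMPLE_PROXIED", "SAMPLE_NO_CERT"):
        print(name, classify(globals()[name]))
```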
