bbende commented on a change in pull request #4614:
URL: https://github.com/apache/nifi/pull/4614#discussion_r526120650



##########
File path: nifi-docs/src/main/asciidoc/administration-guide.adoc
##########
@@ -375,12 +375,32 @@ JSON Web Key (JWK) provided through the jwks_uri in the 
metadata found at the di
 |`nifi.security.user.oidc.claim.identifying.user` | Claim that identifies the 
user to be logged in; default is `email`. May need to be requested via the 
`nifi.security.user.oidc.additional.scopes` before usage.
 
|==================================================================================================================================================
 
+[[saml]]
+=== SAML
+
+To enable authentication via SAML the following properties must be configured 
in _nifi.properties_.
+
+[options="header"]
+|==================================================================================================================================================
+| Property Name | Description
+|`nifi.security.user.saml.idp.metadata.url` | The URL for obtaining the 
identity provider's metadata. The metadata can be retrieved from the identity 
provider via `http://` or `https://`, or a local file can be referenced using 
`file://` .
+|`nifi.security.user.saml.sp.entity.id`| The entity id of the service provider 
(i.e. NiFi). This value will be used as the `Issuer` for SAML authentication 
requests and should be a valid URI. In some cases the service provider entity 
id must be registered ahead of time with the identity provider.
+|`nifi.security.user.saml.signing.key.alias`| The alias of the key within 
`nifi.security.keystore` that will be used for signing SAML messages.
+|`nifi.security.user.saml.signature.algorithm`| The algorithm to use when 
signing SAML messages. Reference the 
link:https://git.shibboleth.net/view/?p=java-xmltooling.git;a=blob;f=src/main/java/org/opensaml/xml/signature/SignatureConstants.java[Open
 SAML Signature Constants] for a list of valid values. If not specified the 
default of SHA-1 will be used.
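
Review bot: In the `nifi.security.user.saml.signature.algorithm` row, "If not specified the default of SHA-1 will be used" documents a fallback to a hash that is deprecated for digital signatures, with no guidance against relying on it. Suggest the description recommend an SHA-256 or stronger value from the linked constants and warn that leaving the property unset produces SHA-1 signatures. The `nifi.security.user.saml.idp.metadata.url` row also lists `http://` with no caveat; since identity provider metadata carries the certificates used to verify SAML messages, the text could recommend `https://` or `file://` for retrieving it.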

Review comment:
       What I meant when I wrote this was that if we don't pass in any value to 
Open SAML then they default to SHA-1. After writing these descriptions I 
updated the default nifi.properties to have SHA-256. So the description 
basically means if you delete the default value in nifi.properties so that it's 
empty, then SHA-1 gets used. I could take it a step further and update 
NiFiProperties itself to have a default as well.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

