[ https://issues.apache.org/jira/browse/NIFI-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17289606#comment-17289606 ]

David Handermann commented on NIFI-7246:
----------------------------------------

[~shreyaskc] It looks like the current PR includes a number of changes that are 
not related to the purpose described.  At minimum, it would be helpful to 
remove extraneous changes so that the purpose of the PR is clear.

As others have described workarounds, it may also be worth reconsidering the 
approach.  Introducing a static JWT raises some security concerns as it 
effectively provides a permanently valid credential for access.  Another 
approach to consider might be leveraging the NiFi Sensitive Properties Key to 
derive a JWT signing key that could be verified on any node, since all nodes 
share the Sensitive Properties Key.  This would require careful consideration 
and implementation, but it sounds like it would meet your requirements and 
provide a more secure approach.

> JWT Generated by a node in the cluster is not honored by other nodes in the 
> cluster.
> ------------------------------------------------------------------------------------
>
>                 Key: NIFI-7246
>                 URL: https://issues.apache.org/jira/browse/NIFI-7246
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>            Reporter: Shreyas KC
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> In an externally load balanced cluster without sticky sessions, it is not 
> currently possible to share the JWT generated by one node with the rest of 
> the nodes in the cluster.
> Hence we need a mechanism where we can introduce a static key in 
> nifi.properties that is chosen by the cluster administrator.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
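
The alternative raised in the comment above, sketched as an added example (not NiFi code and not part of the PR): each node derives the same HMAC signing key from a secret all nodes share, so a short-lived token issued by one node verifies on another without distributing a static JWT. The `Node` class, the `hkdf_sha256` helper, the info label and the secret value are assumptions made for illustration, and HKDF is one possible derivation; the comment does not name one.

```python
import base64, hashlib, hmac, json, time

def hkdf_sha256(secret: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256 and the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Node:
    """Hypothetical cluster node; every node is configured with the same secret."""
    def __init__(self, shared_secret: str):
        # The info label separates the signing key from other uses of the secret.
        self._key = hkdf_sha256(shared_secret.encode(), b"example-jwt-signing-v1")

    def _sign(self, signing_input: str) -> bytes:
        return hmac.new(self._key, signing_input.encode(), hashlib.sha256).digest()

    def issue(self, subject: str, ttl_seconds: int = 3600, now=None) -> str:
        now = int(time.time() if now is None else now)
        parts = [{"alg": "HS256", "typ": "JWT"},
                 {"sub": subject, "iat": now, "exp": now + ttl_seconds}]
        signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
        return signing_input + "." + b64url(self._sign(signing_input))

    def verify(self, token: str, now=None):
        """Return the claims, or None if forged, malformed or expired."""
        now = int(time.time() if now is None else now)
        try:
            header, payload, signature = token.split(".")
            expected = self._sign(header + "." + payload)
            if not hmac.compare_digest(expected, b64url_decode(signature)):
                return None
            if json.loads(b64url_decode(header)).get("alg") != "HS256":
                return None
            claims = json.loads(b64url_decode(payload))
            return claims if claims["exp"] > now else None
        except (ValueError, KeyError, TypeError, AttributeError):
            return None
```

Unlike a static JWT, each token carries an `exp` claim, so a leaked token stops working once it expires.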