[
https://issues.apache.org/jira/browse/NIFI-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-7246.
------------------------------------
Resolution: Information Provided
NIFI-8766 refactored JWT persistence to use the Local State Provider.
Theoretically, this implementation could be used to use the Cluster State
Provider, which would provide the opportunity for JWT verification across
nodes. However, many other aspects of the NiFi REST API rely on sticky
sessions for asynchronous checking of status changes. For this reason,
enabling cross-node JWT verification would only open up a new set of issues.
For now, the solution remains using sticky sessions when accessing NiFi nodes
through a load balancer.
> JWT Generated by a node in the cluster is not honored by other nodes in the
> cluster.
> ------------------------------------------------------------------------------------
>
> Key: NIFI-7246
> URL: https://issues.apache.org/jira/browse/NIFI-7246
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Reporter: Shreyas KC
> Priority: Major
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> In an externally load balanced cluster without sticky session, it is not
> possible to currently share the JWT generated by one node with the rest of
> the nodes in the cluster.
> Hence we need a mechanism where we can introduce static key in the
> nifi.properties in its chosen by the cluster administrator.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
