exceptionfactory commented on PR #8532: URL: https://github.com/apache/nifi/pull/8532#issuecomment-2007302062
> Hey @exceptionfactory - does that mean that it provides a way to use the NiFi CLI without mTLS when NiFi is configured with OIDC for Authentication? If yes, is it possible to provide examples? It also could be worth updating the documentation to reflect that option. I know it's always painful for users to leverage the CLI when both keystore and truststore are required (even if you can use the proxied entity feature). Thanks for asking @pvillard31. This improvement provides the foundation for alternative authentication using the NiFi CLI, but additional work is required in the CLI itself to enable an alternative to mTLS. I agree that mTLS can be challenging to configure for automated integration, so this pull request provides a foundation for future improvements. With this change, it will be possible to enhance the CLI to support OAuth 2 Client Credentials or Device Flow authentication. That will require additional consideration, as obtaining an Access Token often involves multiple steps. However, with these changes in place, there will be more options for integration. I pushed a commit updating the OpenID Connect section of the Admin Guide highlighting support for the Client Credentials Grant Type and outlining the basics of the implementation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
