David Handermann created NIFI-13294:
---------------------------------------
Summary: Deprecate Apache Knox SSO Integration for Removal
Key: NIFI-13294
URL: https://issues.apache.org/jira/browse/NIFI-13294
Project: Apache NiFi
Issue Type: Improvement
Reporter: David Handermann
Assignee: David Handermann
NiFi 1.4.0 introduced support for authentication with Apache Knox [Single
Sign-On|https://knox.apache.org/books/knox-1-6-0/user-guide.html#SSO+Cookie+Provider]
based on JSON Web Tokens provided through a cookie and verified using a
configurable public key.
Separate from Apache Knox SSO authentication, Apache Knox itself provides
[gateway
access|https://knox.apache.org/books/knox-1-6-0/user-guide.html#Nifi+UI] as a
proxy using the {{X-ProxiedEntitiesChain}} HTTP Header. Proxy access should
remain supported as it is part of the X.509 client certificate authentication
strategy. Deployment patterns based on Apache Knox gateway access work without
any features or configuration properties specific to Knox.
With the implementation of standards-based Single Sign-On using OpenID Connect
and SAML 2, custom cookie-based SSO with Apache Knox should be deprecated for
removal.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
