[
https://issues.apache.org/jira/browse/NIFI-15622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael W Moser resolved NIFI-15622.
------------------------------------
Resolution: Won't Do
> Create X500Principal identity mapper transform
> ----------------------------------------------
>
> Key: NIFI-15622
> URL: https://issues.apache.org/jira/browse/NIFI-15622
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Core Framework
> Reporter: Michael W Moser
> Assignee: Michael W Moser
> Priority: Minor
>
> When NiFi is configured for X.509 certificate based user authentication, it
> applies RFC-1779 format rules to the X.500 Principal before determining if
> the user is authorized to access NiFi. NiFi admins can accidentally
> configure an X.500 Distinguished Name in a NiFi UserGroupProvider that does
> not match RFC-1779 format, and the AccessDeniedException result does not make
> it obvious that this is the problem.
> This ticket proposes to create a new X.500 IdentityMapper transform. NiFi
> admins could then opt in to transforming all user identities to an RFC-1779
> format.
> Example:
> {noformat}
> nifi.security.identity.mapping.pattern.dn=^(.*)$
> nifi.security.identity.mapping.value.dn=$1
> nifi.security.identity.mapping.transform.dn=X500
> {noformat}
> This ticket *also* proposes to apply IdentityMapper to all users/groups added
> to the system using the nifi-api NiFiServiceFacade and saved to users.xml
> with a FileUserGroupProvider.
> Feedback on this proposal appreciated.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
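
The format mismatch described in the ticket, as an added example (not NiFi code and not part of the original message): it uses the JDK's `X500Principal` to render constructed sample DNs in RFC 1779 form and flags configured identities that name the same DN but would fail a plain string comparison. The class name `DnFormatCheck`, the helper `toRfc1779` and every DN shown are assumptions made for illustration.

```java
import javax.security.auth.x500.X500Principal;
import java.util.List;

public class DnFormatCheck {

    // Hypothetical helper: RFC 1779 string form of a DN, or null if it cannot be parsed.
    static String toRfc1779(String dn) {
        try {
            return new X500Principal(dn).getName(X500Principal.RFC1779);
        } catch (IllegalArgumentException e) {
            return null; // not a syntactically valid distinguished name
        }
    }

    public static void main(String[] args) {
        // Constructed sample: subject DN of a client certificate, rendered in RFC 1779 form.
        String certSubject = toRfc1779("CN=Jane Admin,OU=Ops,O=Example,C=US");

        // Constructed samples: identities as an admin might type them into a UserGroupProvider.
        List<String> configured = List.of(
            "CN=Jane Admin, OU=Ops, O=Example, C=US",
            "CN=Jane Admin,OU=Ops,O=Example,C=US",
            "cn=Jane Admin,ou=Ops,o=Example,c=US",
            "Jane Admin / Ops");

        for (String identity : configured) {
            String normalized = toRfc1779(identity);
            String verdict;
            if (identity.equals(certSubject)) {
                verdict = "exact string match";
            } else if (normalized == null) {
                verdict = "not parseable as a DN";
            } else if (normalized.equals(certSubject)) {
                // Same DN, but the configured string differs in spacing or keyword case.
                verdict = "same DN, different string form; rewrite as: " + normalized;
            } else {
                verdict = "different DN";
            }
            System.out.printf("%-42s -> %s%n", identity, verdict);
        }
    }
}
```

Running a configured identity through the same check before saving it shows whether an access denial comes from string formatting rather than from a genuinely different subject.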