[ 
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Misha Wakerman updated NIFI-3684:
---------------------------------
    Description: 
Currently the [User 
Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
 section of the NiFi docs is unclear about when Anonymous user access is 
possible with a secured NiFi instance.

Specifically, it should be mentioned that: "A secured instance of NiFi cannot be 
accessed anonymously unless configured to use an LDAP or Kerberos Login 
Identity Provider which in turn must be configured to explicitly allow 
anonymous access." That is, that Anonymous access is not possible by the 
(default) FileAuthorizer.

I also note that NIFI-2730 is looking to allow anonymous user access without 
LDAP/Kerberos on a secured instance.

Also, in the [Security 
Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
 section of the docs (which appears before the User Authentication section), 
this paragraph is not clear about when anonymous access is possible (and is 
generally not that clear period):

"Similar to nifi.security.needClientAuth, the web server can be configured to 
require certificate based client authentication for users accessing the User 
Interface. In order to do this it must be configured to not support 
username/password authentication (see below). Either of these options will 
configure the web server to WANT certificate based client authentication. This 
will allow it to support users with certificates and those without that may be 
logging in with their credentials or those accessing anonymously. If 
username/password authentication and anonymous access are not configured, the 
web server will REQUIRE certificate based client authentication."

- "Either of these options..." which options? LDAP or Kerberos?

Perhaps the same insertion into the User Authentication section should also 
appear in this section as an INFO pop-out.

  was:
Currently the [User 
Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
 section of the NiFi docs is unclear about when Anonymous user access is 
possible with a secured NiFi instance.

Specifically, it should be mentioned that: "A secured instance of NiFi cannot be 
accessed anonymously unless configured to use an LDAP or Kerberos Login 
Identity Provider which in turn must be configured to explicitly allow 
anonymous access." That is, that Anonymous access is not possible by the 
(default) FileAuthorizer.

I also note that NIFI-2730 is looking to allow anonymous user access without 
LDAP/Kerberos on a secured instance.

Also, in the [|] section of the docs (which appears before the User 
Authentication section), this paragraph is not clear about when anonymous 
access is possible (and is generally not that clear period):

"Similar to nifi.security.needClientAuth, the web server can be configured to 
require certificate based client authentication for users accessing the User 
Interface. In order to do this it must be configured to not support 
username/password authentication (see below). Either of these options will 
configure the web server to WANT certificate based client authentication. This 
will allow it to support users with certificates and those without that may be 
logging in with their credentials or those accessing anonymously. If 
username/password authentication and anonymous access are not configured, the 
web server will REQUIRE certificate based client authentication."

- "Either of these options..." which options? LDAP or Kerberos?

Perhaps the same insertion into the User Authentication section should also 
appear in this section as an INFO pop-out.


> Make docs more explicit about anonymous access to a secured instance
> --------------------------------------------------------------------
>
>                 Key: NIFI-3684
>                 URL: https://issues.apache.org/jira/browse/NIFI-3684
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation & Website
>    Affects Versions: 1.1.1
>            Reporter: Misha Wakerman
>            Priority: Trivial
>              Labels: documentation, security
>
> Currently the [User 
> Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
>  section of the NiFi docs is unclear about when Anonymous user access is 
> possible with a secured NiFi instance.
> Specifically, it should be mentioned that: "A secured instance of NiFi cannot be 
> accessed anonymously unless configured to use an LDAP or Kerberos Login 
> Identity Provider which in turn must be configured to explicitly allow 
> anonymous access." That is, that Anonymous access is not possible by the 
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without 
> LDAP/Kerberos on a secured instance.
> Also, in the [Security 
> Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
>  section of the docs (which appears before the User Authentication section), 
> this paragraph is not clear about when anonymous access is possible (and is 
> generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to 
> require certificate based client authentication for users accessing the User 
> Interface. In order to do this it must be configured to not support 
> username/password authentication (see below). Either of these options will 
> configure the web server to WANT certificate based client authentication. 
> This will allow it to support users with certificates and those without that 
> may be logging in with their credentials or those accessing anonymously. If 
> username/password authentication and anonymous access are not configured, the 
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also 
> appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
