[
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991068#comment-15991068
]
ASF GitHub Bot commented on NIFI-3684:
--------------------------------------
GitHub user andrewmlim opened a pull request:
https://github.com/apache/nifi/pull/1722
NIFI-3684 Make docs more explicit about anonymous access to a secured…
… instance
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/andrewmlim/nifi NIFI-3684
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/1722.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1722
----
commit ad8f73cfb13cb437defeabb6c6a38e1d5461a5b2
Author: Andrew Lim <[email protected]>
Date: 2017-05-01T16:44:32Z
NIFI-3684 Make docs more explicit about anonymous access to a secured
instance
----
> Make docs more explicit about anonymous access to a secured instance
> --------------------------------------------------------------------
>
> Key: NIFI-3684
> URL: https://issues.apache.org/jira/browse/NIFI-3684
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website
> Affects Versions: 1.1.1
> Reporter: Misha Wakerman
> Assignee: Andrew Lim
> Priority: Trivial
> Labels: documentation, security
>
> Currently the [User Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
> section of the NiFi docs is unclear about when Anonymous user access is
> possible with a secured NiFi instance.
> Specifically, it should be mentioned that: "A secured instance of NiFi cannot be
> accessed anonymously unless configured to use an LDAP or Kerberos Login
> Identity Provider which in turn must be configured to explicitly allow
> anonymous access." That is, that Anonymous access is not possible by the
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without
> LDAP/Kerberos on a secured instance.
> Also, in the [Security Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
> section of the docs (which appears before the User Authentication section),
> this paragraph is not clear about when anonymous access is possible (and is
> generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to
> require certificate based client authentication for users accessing the User
> Interface. In order to do this it must be configured to not support
> username/password authentication (see below). Either of these options will
> configure the web server to WANT certificate based client authentication.
> This will allow it to support users with certificates and those without that
> may be logging in with their credentials or those accessing anonymously. If
> username/password authentication and anonymous access are not configured, the
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also
> appear in this section as an INFO pop-out.