[
https://issues.apache.org/jira/browse/NIFI-4382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181295#comment-16181295
]
ASF GitHub Bot commented on NIFI-4382:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2177#discussion_r141146760
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -282,20 +282,23 @@ For a client certificate that can be easily imported
into the browser, specify:
User Authentication
-------------------
-NiFi supports user authentication via client certificates, via
username/password, or using OpenId Connect (http://openid.net/connect).
+NiFi supports user authentication via client certificates, via
username/password, via Apache Knox, or via OpenId Connect
(http://openid.net/connect).
Username/password authentication is performed by a 'Login Identity
Provider'. The Login Identity Provider is a pluggable mechanism for
authenticating users via their username/password. Which Login Identity
Provider to use is configured in two properties in the _nifi.properties_ file.
The `nifi.login.identity.provider.configuration.file` property specifies
the configuration file for Login Identity Providers.
The `nifi.security.user.login.identity.provider` property indicates which
of the configured Login Identity Provider should be
-used. If this property is not configured, NiFi will not support
username/password authentication and will require client
-certificates for authenticating users over HTTPS. By default, this
property is not configured meaning that username/password must be explicitly
enabled.
+used. By default, this property is not configured meaning that
username/password must be explicitly enabled.
During OpenId Connect authentication, NiFi will redirect users to login
with the Provider before returning to NiFi. NiFi will then
call the Provider to obtain the user identity.
-NOTE: NiFi cannot be configured for both username/password and OpenId
Connect authentication at the same time.
+During Apache Knox authentication, NiFi will redirect users to login with
Apache Knox before returning to NiFi. NiFi will verify the Apache Knox
+token during authentication.
+
+NOTE: NiFi can only be configured for username/password, OpenId Connect,
or Apache Knox at a given time. It does not support running each of
--- End diff --
Maybe explicitly note that "username/password" includes both LDAP and
Kerberos.
> Add KnoxSSO support to NiFi
> ---------------------------
>
> Key: NIFI-4382
> URL: https://issues.apache.org/jira/browse/NIFI-4382
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Jeff Storck
> Assignee: Jeff Storck
>
> Add support for KnoxSSO to NiFi.
> Reference documentation:
> http://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
