Peter Toth created NIFI-5041: -------------------------------- Summary: Add convenient SPNEGO/Kerberos authentication support to LivySessionController Key: NIFI-5041 URL: https://issues.apache.org/jira/browse/NIFI-5041 Project: Apache NiFi Issue Type: Bug Affects Versions: 1.5.0 Reporter: Peter Toth
Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating such an authentication from NiFi is a viable by providing a java.security.auth.login.config system property (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html), but this is a bit cumbersome and needs kinit running outside of NiFi. An alternative and more sophisticated solution would be to do the SPNEGO negotiation programmatically. * This solution would add some new properties to the LivySessionController to fetch kerberos principal and password/keytab * Add the required HTTP Negotiate header (with an SPNEGO token) to the HttpURLConnection to do the authentication programmatically (https://tools.ietf.org/html/rfc4559) -- This message was sent by Atlassian JIRA (v7.6.3#76005)