Curtis Ruck created NIFI-5508:

             Summary: Support disabling wantClientAuth when running behind a 
reverse proxy.
                 Key: NIFI-5508
             Project: Apache NiFi
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.7.1, 1.7.0
         Environment: Reverse Proxy & trying to use other credential provider 
when the reverse proxy provides a client certificate itself.
            Reporter: Curtis Ruck

As discussed on mailing list.

JettyServer always calls either setNeedClientAuth(true) or 

When used with a reverse proxy that has a client certificate, it is impossible 
currently to use other credential providers as the X509 authentication takes 

Adding the ability to disable wantClientAuth via a NiFi property would enable 
the ability to leverage existing SSO solutions behind a reverse proxy.

This message was sent by Atlassian JIRA

Reply via email to