GitHub user ruckc opened a pull request:

    https://github.com/apache/nifi/pull/2944

    [WIP] NIFI-5506 - support disabling wantClientAuth for use behind reverse 
proxies

    Before merging need assistance wordsmithing the administration-guide.adoc 
file.  Specifically the below paragraph.
    
    > Similar to nifi.security.needClientAuth, the web server can be configured 
to require certificate based client authentication for users accessing the User 
Interface. In order to do this it must be configured to not support 
username/password authentication using Lightweight Directory Access Protocol 
(LDAP) or Kerberos. Either of these options will configure the web server to 
WANT certificate based client authentication. This will allow it to support 
users with certificates and those without that may be logging in with their 
credentials or those accessing anonymously. If username/password authentication 
and anonymous access are not configured, the web server will REQUIRE 
certificate based client authentication. See User Authentication for more 
details.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ruckc/nifi NIFI-5506

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/2944.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2944
    
----
commit bf2982ab10871e43d7a5f5e8eb9d2006cd6bf280
Author: Curtis W Ruck <ruckc@...>
Date:   2018-08-10T11:50:21Z

    NIFI-5506 - add additional property to allow disabling wantClientAuth when 
used with other credential providers

----


---

Reply via email to