GitHub user ruckc opened a pull request:
https://github.com/apache/nifi/pull/2944
[WIP] NIFI-5506 - support disabling wantClientAuth for use behind reverse
proxies
Before merging need assistance wordsmithing the administration-guide.adoc
file. Specifically the below paragraph.
> Similar to nifi.security.needClientAuth, the web server can be configured
to require certificate based client authentication for users accessing the User
Interface. In order to do this it must be configured to not support
username/password authentication using Lightweight Directory Access Protocol
(LDAP) or Kerberos. Either of these options will configure the web server to
WANT certificate based client authentication. This will allow it to support
users with certificates and those without that may be logging in with their
credentials or those accessing anonymously. If username/password authentication
and anonymous access are not configured, the web server will REQUIRE
certificate based client authentication. See User Authentication for more
details.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ruckc/nifi NIFI-5506
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2944.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2944
----
commit bf2982ab10871e43d7a5f5e8eb9d2006cd6bf280
Author: Curtis W Ruck <ruckc@...>
Date: 2018-08-10T11:50:21Z
NIFI-5506 - add additional property to allow disabling wantClientAuth when
used with other credential providers
----
---
