[
https://issues.apache.org/jira/browse/NIFI-5508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576706#comment-16576706
]
Joseph Witt commented on NIFI-5508:
-----------------------------------
there is a PR under NIFI-5506 accidentally. Will comment on the PR.
> Support disabling wantClientAuth when running behind a reverse proxy.
> ---------------------------------------------------------------------
>
> Key: NIFI-5508
> URL: https://issues.apache.org/jira/browse/NIFI-5508
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.7.0, 1.7.1
> Environment: Reverse Proxy & trying to use other credential provider
> when the reverse proxy provides a client certificate itself.
> Reporter: Curtis W Ruck
> Priority: Major
> Labels: rever
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> As discussed on mailing list.
> JettyServer always calls either setNeedClientAuth(true) or
> setWantClientAuth(true).
> When used with a reverse proxy that has a client certificate, it is
> impossible currently to use other credential providers as the X509
> authentication takes precedence.
> Adding the ability to disable wantClientAuth via a NiFi property would enable
> the ability to leverage existing SSO solutions behind a reverse proxy.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
