[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance
[ https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991114#comment-15991114 ] ASF subversion and git services commented on NIFI-3684: --- Commit 0a7b9467e9f102caf8a12b36a3f92ff43918ad9d in nifi's branch refs/heads/master from [~andrewmlim] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=0a7b946 ] NIFI-3684 Make docs more explicit about anonymous access to a secured instance This closes #1722 Signed-off-by: Scott Aslan> Make docs more explicit about anonymous access to a secured instance > > > Key: NIFI-3684 > URL: https://issues.apache.org/jira/browse/NIFI-3684 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation & Website >Affects Versions: 1.1.1 >Reporter: Misha Wakerman >Assignee: Andrew Lim >Priority: Trivial > Labels: documentation, security > > Currently the [User > Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication] > section of the NiFi docs are unclear about when Anonymous user access is > possible with a secured NiFi instance. > Specifically, it should mentioned that: "A secured instance of NiFi cannot be > accessed anonymously unless configured to use an LDAP or Kerberos Login > Identity Provider which in turn must be configured to explicitly allow > anonymous access." That is, that Anonymous access is not possible by the > (default) FileAuthorizer. > I also note that NIFI-2730 is looking to allow anonymous user access without > LDAP/Kerberos on a secured instance. > Also, in the [Security > Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration] > section of the docs (which appears before the User Authentication section), > this paragraph is not clear about when anonymous access is possible (and is > generally not that clear period): > "Similar to nifi.security.needClientAuth, the web server can be configured to > require certificate based client authentication for users accessing the User > Interface. In order to do this it must be configured to not support > username/password authentication (see below). Either of these options will > configure the web server to WANT certificate based client authentication. > This will allow it to support users with certificates and those without that > may be logging in with their credentials or those accessing anonymously. If > username/password authentication and anonymous access are not configured, the > web server will REQUIRE certificate based client authentication." > - "Either of these options..." which options? LDAP or Kerberos? > Perhaps the same insertion into the User Authentication section should also > appear in this section as an INFO pop-out. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance
[ https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991120#comment-15991120 ] ASF GitHub Bot commented on NIFI-3684: -- Github user scottyaslan commented on the issue: https://github.com/apache/nifi/pull/1722 Thanks @andrewmlim this has been merged to master. > Make docs more explicit about anonymous access to a secured instance > > > Key: NIFI-3684 > URL: https://issues.apache.org/jira/browse/NIFI-3684 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation & Website >Affects Versions: 1.1.1 >Reporter: Misha Wakerman >Assignee: Andrew Lim >Priority: Trivial > Labels: documentation, security > > Currently the [User > Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication] > section of the NiFi docs are unclear about when Anonymous user access is > possible with a secured NiFi instance. > Specifically, it should mentioned that: "A secured instance of NiFi cannot be > accessed anonymously unless configured to use an LDAP or Kerberos Login > Identity Provider which in turn must be configured to explicitly allow > anonymous access." That is, that Anonymous access is not possible by the > (default) FileAuthorizer. > I also note that NIFI-2730 is looking to allow anonymous user access without > LDAP/Kerberos on a secured instance. > Also, in the [Security > Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration] > section of the docs (which appears before the User Authentication section), > this paragraph is not clear about when anonymous access is possible (and is > generally not that clear period): > "Similar to nifi.security.needClientAuth, the web server can be configured to > require certificate based client authentication for users accessing the User > Interface. In order to do this it must be configured to not support > username/password authentication (see below). Either of these options will > configure the web server to WANT certificate based client authentication. > This will allow it to support users with certificates and those without that > may be logging in with their credentials or those accessing anonymously. If > username/password authentication and anonymous access are not configured, the > web server will REQUIRE certificate based client authentication." > - "Either of these options..." which options? LDAP or Kerberos? > Perhaps the same insertion into the User Authentication section should also > appear in this section as an INFO pop-out. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance
[ https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991116#comment-15991116 ] ASF GitHub Bot commented on NIFI-3684: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/1722 > Make docs more explicit about anonymous access to a secured instance > > > Key: NIFI-3684 > URL: https://issues.apache.org/jira/browse/NIFI-3684 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation & Website >Affects Versions: 1.1.1 >Reporter: Misha Wakerman >Assignee: Andrew Lim >Priority: Trivial > Labels: documentation, security > > Currently the [User > Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication] > section of the NiFi docs are unclear about when Anonymous user access is > possible with a secured NiFi instance. > Specifically, it should mentioned that: "A secured instance of NiFi cannot be > accessed anonymously unless configured to use an LDAP or Kerberos Login > Identity Provider which in turn must be configured to explicitly allow > anonymous access." That is, that Anonymous access is not possible by the > (default) FileAuthorizer. > I also note that NIFI-2730 is looking to allow anonymous user access without > LDAP/Kerberos on a secured instance. > Also, in the [Security > Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration] > section of the docs (which appears before the User Authentication section), > this paragraph is not clear about when anonymous access is possible (and is > generally not that clear period): > "Similar to nifi.security.needClientAuth, the web server can be configured to > require certificate based client authentication for users accessing the User > Interface. In order to do this it must be configured to not support > username/password authentication (see below). Either of these options will > configure the web server to WANT certificate based client authentication. > This will allow it to support users with certificates and those without that > may be logging in with their credentials or those accessing anonymously. If > username/password authentication and anonymous access are not configured, the > web server will REQUIRE certificate based client authentication." > - "Either of these options..." which options? LDAP or Kerberos? > Perhaps the same insertion into the User Authentication section should also > appear in this section as an INFO pop-out. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance
[ https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991070#comment-15991070 ] ASF GitHub Bot commented on NIFI-3684: -- Github user scottyaslan commented on the issue: https://github.com/apache/nifi/pull/1722 Reviewing... > Make docs more explicit about anonymous access to a secured instance > > > Key: NIFI-3684 > URL: https://issues.apache.org/jira/browse/NIFI-3684 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation & Website >Affects Versions: 1.1.1 >Reporter: Misha Wakerman >Assignee: Andrew Lim >Priority: Trivial > Labels: documentation, security > > Currently the [User > Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication] > section of the NiFi docs are unclear about when Anonymous user access is > possible with a secured NiFi instance. > Specifically, it should mentioned that: "A secured instance of NiFi cannot be > accessed anonymously unless configured to use an LDAP or Kerberos Login > Identity Provider which in turn must be configured to explicitly allow > anonymous access." That is, that Anonymous access is not possible by the > (default) FileAuthorizer. > I also note that NIFI-2730 is looking to allow anonymous user access without > LDAP/Kerberos on a secured instance. > Also, in the [Security > Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration] > section of the docs (which appears before the User Authentication section), > this paragraph is not clear about when anonymous access is possible (and is > generally not that clear period): > "Similar to nifi.security.needClientAuth, the web server can be configured to > require certificate based client authentication for users accessing the User > Interface. In order to do this it must be configured to not support > username/password authentication (see below). Either of these options will > configure the web server to WANT certificate based client authentication. > This will allow it to support users with certificates and those without that > may be logging in with their credentials or those accessing anonymously. If > username/password authentication and anonymous access are not configured, the > web server will REQUIRE certificate based client authentication." > - "Either of these options..." which options? LDAP or Kerberos? > Perhaps the same insertion into the User Authentication section should also > appear in this section as an INFO pop-out. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance
[ https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15962361#comment-15962361 ] Misha Wakerman commented on NIFI-3684: -- Tagging [~andrewmlim] and [~alopresto] from NIFI-3480. > Make docs more explicit about anonymous access to a secured instance > > > Key: NIFI-3684 > URL: https://issues.apache.org/jira/browse/NIFI-3684 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation & Website >Affects Versions: 1.1.1 >Reporter: Misha Wakerman >Priority: Trivial > Labels: documentation, security > > Currently the [User > Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication] > section of the NiFi docs are unclear about when Anonymous user access is > possible with a secured NiFi instance. > Specifically, it should mentioned that: "A secured instance of NiFi cannot be > accessed anonymously unless configured to use an LDAP or Kerberos Login > Identity Provider which in turn must be configured to explicitly allow > anonymous access." That is, that Anonymous access is not possible by the > (default) FileAuthorizer. > I also note that NIFI-2730 is looking to allow anonymous user access without > LDAP/Kerberos on a secured instance. > Also, in the [|] section of the docs (which appears before the User > Authentication section), this paragraph is not clear about when anonymous > access is possible (and is generally not that clear period): > "Similar to nifi.security.needClientAuth, the web server can be configured to > require certificate based client authentication for users accessing the User > Interface. In order to do this it must be configured to not support > username/password authentication (see below). Either of these options will > configure the web server to WANT certificate based client authentication. > This will allow it to support users with certificates and those without that > may be logging in with their credentials or those accessing anonymously. If > username/password authentication and anonymous access are not configured, the > web server will REQUIRE certificate based client authentication." > - "Either of these options..." which options? LDAP or Kerberos? > Perhaps the same insertion into the User Authentication section should also > appear in this section as an INFO pop-out. -- This message was sent by Atlassian JIRA (v6.3.15#6346)