[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance

2017-05-01 Thread ASF subversion and git services (JIRA) 

[ 
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991114#comment-15991114
 ] 

ASF subversion and git services commented on NIFI-3684:
---

Commit 0a7b9467e9f102caf8a12b36a3f92ff43918ad9d in nifi's branch 
refs/heads/master from [~andrewmlim]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=0a7b946 ]

NIFI-3684 Make docs more explicit about anonymous access to a secured instance

This closes #1722

Signed-off-by: Scott Aslan 


> Make docs more explicit about anonymous access to a secured instance
> 
>
> Key: NIFI-3684
> URL: https://issues.apache.org/jira/browse/NIFI-3684
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Documentation & Website
>Affects Versions: 1.1.1
>Reporter: Misha Wakerman
>Assignee: Andrew Lim
>Priority: Trivial
>  Labels: documentation, security
>
> Currently the [User 
> Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
>  section of the NiFi docs are unclear about when Anonymous user access is 
> possible with a secured NiFi instance.
> Specifically, it should mentioned that: "A secured instance of NiFi cannot be 
> accessed anonymously unless configured to use an LDAP or Kerberos Login 
> Identity Provider which in turn must be configured to explicitly allow 
> anonymous access." That is, that Anonymous access is not possible by the 
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without 
> LDAP/Kerberos on a secured instance.
> Also, in the [Security 
> Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
>  section of the docs (which appears before the User Authentication section), 
> this paragraph is not clear about when anonymous access is possible (and is 
> generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to 
> require certificate based client authentication for users accessing the User 
> Interface. In order to do this it must be configured to not support 
> username/password authentication (see below). Either of these options will 
> configure the web server to WANT certificate based client authentication. 
> This will allow it to support users with certificates and those without that 
> may be logging in with their credentials or those accessing anonymously. If 
> username/password authentication and anonymous access are not configured, the 
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also 
> appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance

2017-05-01 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991120#comment-15991120
 ] 

ASF GitHub Bot commented on NIFI-3684:
--

Github user scottyaslan commented on the issue:

https://github.com/apache/nifi/pull/1722
  
Thanks @andrewmlim this has been merged to master.


> Make docs more explicit about anonymous access to a secured instance
> 
>
> Key: NIFI-3684
> URL: https://issues.apache.org/jira/browse/NIFI-3684
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Documentation & Website
>Affects Versions: 1.1.1
>Reporter: Misha Wakerman
>Assignee: Andrew Lim
>Priority: Trivial
>  Labels: documentation, security
>
> Currently the [User 
> Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
>  section of the NiFi docs are unclear about when Anonymous user access is 
> possible with a secured NiFi instance.
> Specifically, it should mentioned that: "A secured instance of NiFi cannot be 
> accessed anonymously unless configured to use an LDAP or Kerberos Login 
> Identity Provider which in turn must be configured to explicitly allow 
> anonymous access." That is, that Anonymous access is not possible by the 
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without 
> LDAP/Kerberos on a secured instance.
> Also, in the [Security 
> Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
>  section of the docs (which appears before the User Authentication section), 
> this paragraph is not clear about when anonymous access is possible (and is 
> generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to 
> require certificate based client authentication for users accessing the User 
> Interface. In order to do this it must be configured to not support 
> username/password authentication (see below). Either of these options will 
> configure the web server to WANT certificate based client authentication. 
> This will allow it to support users with certificates and those without that 
> may be logging in with their credentials or those accessing anonymously. If 
> username/password authentication and anonymous access are not configured, the 
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also 
> appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance

2017-05-01 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991116#comment-15991116
 ] 

ASF GitHub Bot commented on NIFI-3684:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/1722


> Make docs more explicit about anonymous access to a secured instance
> 
>
> Key: NIFI-3684
> URL: https://issues.apache.org/jira/browse/NIFI-3684
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Documentation & Website
>Affects Versions: 1.1.1
>Reporter: Misha Wakerman
>Assignee: Andrew Lim
>Priority: Trivial
>  Labels: documentation, security
>
> Currently the [User 
> Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
>  section of the NiFi docs are unclear about when Anonymous user access is 
> possible with a secured NiFi instance.
> Specifically, it should mentioned that: "A secured instance of NiFi cannot be 
> accessed anonymously unless configured to use an LDAP or Kerberos Login 
> Identity Provider which in turn must be configured to explicitly allow 
> anonymous access." That is, that Anonymous access is not possible by the 
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without 
> LDAP/Kerberos on a secured instance.
> Also, in the [Security 
> Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
>  section of the docs (which appears before the User Authentication section), 
> this paragraph is not clear about when anonymous access is possible (and is 
> generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to 
> require certificate based client authentication for users accessing the User 
> Interface. In order to do this it must be configured to not support 
> username/password authentication (see below). Either of these options will 
> configure the web server to WANT certificate based client authentication. 
> This will allow it to support users with certificates and those without that 
> may be logging in with their credentials or those accessing anonymously. If 
> username/password authentication and anonymous access are not configured, the 
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also 
> appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance

2017-05-01 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15991070#comment-15991070
 ] 

ASF GitHub Bot commented on NIFI-3684:
--

Github user scottyaslan commented on the issue:

https://github.com/apache/nifi/pull/1722
  
Reviewing...


> Make docs more explicit about anonymous access to a secured instance
> 
>
> Key: NIFI-3684
> URL: https://issues.apache.org/jira/browse/NIFI-3684
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Documentation & Website
>Affects Versions: 1.1.1
>Reporter: Misha Wakerman
>Assignee: Andrew Lim
>Priority: Trivial
>  Labels: documentation, security
>
> Currently the [User 
> Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
>  section of the NiFi docs are unclear about when Anonymous user access is 
> possible with a secured NiFi instance.
> Specifically, it should mentioned that: "A secured instance of NiFi cannot be 
> accessed anonymously unless configured to use an LDAP or Kerberos Login 
> Identity Provider which in turn must be configured to explicitly allow 
> anonymous access." That is, that Anonymous access is not possible by the 
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without 
> LDAP/Kerberos on a secured instance.
> Also, in the [Security 
> Configuration|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration]
>  section of the docs (which appears before the User Authentication section), 
> this paragraph is not clear about when anonymous access is possible (and is 
> generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to 
> require certificate based client authentication for users accessing the User 
> Interface. In order to do this it must be configured to not support 
> username/password authentication (see below). Either of these options will 
> configure the web server to WANT certificate based client authentication. 
> This will allow it to support users with certificates and those without that 
> may be logging in with their credentials or those accessing anonymously. If 
> username/password authentication and anonymous access are not configured, the 
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also 
> appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (NIFI-3684) Make docs more explicit about anonymous access to a secured instance

2017-04-09 Thread Misha Wakerman (JIRA) 

[ 
https://issues.apache.org/jira/browse/NIFI-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15962361#comment-15962361
 ] 

Misha Wakerman commented on NIFI-3684:
--

Tagging [~andrewmlim] and [~alopresto] from NIFI-3480.

> Make docs more explicit about anonymous access to a secured instance
> 
>
> Key: NIFI-3684
> URL: https://issues.apache.org/jira/browse/NIFI-3684
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Documentation & Website
>Affects Versions: 1.1.1
>Reporter: Misha Wakerman
>Priority: Trivial
>  Labels: documentation, security
>
> Currently the [User 
> Authentication|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication]
>  section of the NiFi docs are unclear about when Anonymous user access is 
> possible with a secured NiFi instance.
> Specifically, it should mentioned that: "A secured instance of NiFi cannot be 
> accessed anonymously unless configured to use an LDAP or Kerberos Login 
> Identity Provider which in turn must be configured to explicitly allow 
> anonymous access." That is, that Anonymous access is not possible by the 
> (default) FileAuthorizer.
> I also note that NIFI-2730 is looking to allow anonymous user access without 
> LDAP/Kerberos on a secured instance.
> Also, in the [|] section of the docs (which appears before the User 
> Authentication section), this paragraph is not clear about when anonymous 
> access is possible (and is generally not that clear period):
> "Similar to nifi.security.needClientAuth, the web server can be configured to 
> require certificate based client authentication for users accessing the User 
> Interface. In order to do this it must be configured to not support 
> username/password authentication (see below). Either of these options will 
> configure the web server to WANT certificate based client authentication. 
> This will allow it to support users with certificates and those without that 
> may be logging in with their credentials or those accessing anonymously. If 
> username/password authentication and anonymous access are not configured, the 
> web server will REQUIRE certificate based client authentication."
> - "Either of these options..." which options? LDAP or Kerberos?
> Perhaps the same insertion into the User Authentication section should also 
> appear in this section as an INFO pop-out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)