David Handermann created NIFI-13296: ---------------------------------------
Summary: Deprecate Kerberos SPNEGO Authentication for Removal Key: NIFI-13296 URL: https://issues.apache.org/jira/browse/NIFI-13296 Project: Apache NiFi Issue Type: Improvement Reporter: David Handermann Assignee: David Handermann NiFi 0.6.0 added Kerberos authentication with [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on Spring Security Kerberos. Although Spring Security Kerberos continues to be maintained, SPNEGO authentication is not common, requiring specialized [client browser configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] for access. As noted in the linked instructions, popular web browsers do not support SPNEGO in the default configuration, and Google Chrome requires either a custom policy or launch from the command line with arguments that list permitted DNS names. Based on these considerations, and in light of more common Single Sign-On strategies using OpenID Connect and SAML 2, NiFi framework support for Kerberos authentication with SPNEGO should be deprecated for subsequent removal in NiFi 2. This deprecation should not impact the Kerberos Login Identity Provider, which continues to support username and password authentication based on the form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)