[jira] [Updated] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13296: Fix Version/s: 1.27.0 > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13296: Resolution: Fixed Status: Resolved (was: Patch Available) > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-13296: Status: Patch Available (was: Open) > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
