Hello,
I'm trying to enable authentication in NiFi using OpenID Connect (with
Keycloak). I have Keycloak and NiFi behind a TLS termination proxy and a
reverse proxy, which dispatches the requests to Keycloak and NiFi.
AFAIK, authentication is only possible, if using HTTPS directly on NiFi.
My problem is that I have a TLS termination proxy, which terminates TLS
and proxies pure HTTP requests to NiFi. Although I see in NiFi the Login
button (most probably because the NiFi UI recognize https protocol in
the browsers URL), but when I click on it, I get a popup with the
information, that authentication works only in HTTPS.
I tried to set the X-ProxyScheme header to https, but it's still the
same. Is there any option to have authentication with OIDC on NiFi, when
NiFi sits behind a TLS termination proxy and the requests coming to NiFi
are pure HTTP or do I have to proxy the TLS traffic directly to NiFi and
configure the keystore and truststore on it?
Best regards,
Damian