Curtis Ruck created NIFI-5508: --------------------------------- Summary: Support disabling wantClientAuth when running behind a reverse proxy. Key: NIFI-5508 URL: https://issues.apache.org/jira/browse/NIFI-5508 Project: Apache NiFi Issue Type: Bug Components: Security Affects Versions: 1.7.1, 1.7.0 Environment: Reverse Proxy & trying to use other credential provider when the reverse proxy provides a client certificate itself. Reporter: Curtis Ruck
As discussed on mailing list. JettyServer always calls either setNeedClientAuth(true) or setWantClientAuth(true). When used with a reverse proxy that has a client certificate, it is impossible currently to use other credential providers as the X509 authentication takes precedence. Adding the ability to disable wantClientAuth via a NiFi property would enable the ability to leverage existing SSO solutions behind a reverse proxy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)