Curtis Ruck created NIFI-5508:
---------------------------------
Summary: Support disabling wantClientAuth when running behind a
reverse proxy.
Key: NIFI-5508
URL: https://issues.apache.org/jira/browse/NIFI-5508
Project: Apache NiFi
Issue Type: Bug
Components: Security
Affects Versions: 1.7.1, 1.7.0
Environment: Reverse Proxy & trying to use other credential provider
when the reverse proxy provides a client certificate itself.
Reporter: Curtis Ruck
As discussed on mailing list.
JettyServer always calls either setNeedClientAuth(true) or
setWantClientAuth(true).
When used with a reverse proxy that has a client certificate, it is impossible
currently to use other credential providers as the X509 authentication takes
precedence.
Adding the ability to disable wantClientAuth via a NiFi property would enable
the ability to leverage existing SSO solutions behind a reverse proxy.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
