Re: Allowing all users to connect

2018-05-17 Thread Andy LoPresto
Juan, In your case it may also make sense to implement a simple custom authenticator that just checks that the certificate has a certain identifier (in the DN or OID, etc.) and is signed by a specific certificate. You don’t care so much about the individual identity of the user, but rather the

Re: Allowing all users to connect

2018-05-17 Thread Bryan Bende
Well you have to separate the concepts of authentication and authorization... The stuff you just highlighted from the admin guide is referring to authentication options, which is how you identify a user is who they say they are. After authentication you then have a user identity that you need to

Re: Allowing all users to connect

2018-05-17 Thread Juan Sequeiros
oooh ok I just assumed that if using LDAP then they have to use username / password based on this from admin guide: "NiFi supports user authentication via client certificates, via username/password, via Apache Knox, or via OpenId Connect. Username/password

Re: Allowing all users to connect

2018-05-17 Thread Bryan Bende
It really comes down to how you want to configure the authorizer... An authorizer is made up of a user-group-provider and a policy-provider. The user-group-provider can be file-based, ldap, composite (combination of multiple), or custom if you implement your own. The policy provider can be

Re: Allowing all users to connect

2018-05-17 Thread Juan Sequeiros
Thanks, Andrew / Bryan. Yeah this right now is a prototype with a team of about 10 people. We all have certs that we've self-signed. I've not messed with this that much but if I want to use certs it seems the user set up in the initial admin section will have to the other user creations. More

NiFi Test Harness Proof-of-Concept

2018-05-17 Thread Horváth Péter Gergely
Dear All, In the past, I had some cases when testing a complex NiFi flow became a tedious manual exercise: that's where the idea came that maybe it would be possible to automate these steps somehow. I have developed a small sample NiFi test harness that allows you to install a NiFi flow to a

Re: Allowing all users to connect

2018-05-17 Thread Andrew Grande
Juan, A cert implies one knows the identity of the cert holder. I'd imagine if you shared it with multiple users, you would have achieved this semi-anonymous requirement. I would take a really deep look into why you want to do it this way, though. Defeats the purpose of security. Is there a

Re: Allowing all users to connect

2018-05-17 Thread Bryan Bende
You could create an identity mapping in nifi.properties that maps any cert DN to a hard coded user identity, say “nifi-user”, so every user looks like that one user. You would lose ability to track which users changed the flow, but I’m guessing that’s not important if you want to give everyone