Re: [Non-DoD Source] Starting controller services

2018-05-17 Thread Daniel Chaffelson
Hi, I'm the NiPyApi author. It's back tested to NiFi 1.1.2 generally, though I haven't specifically tested these calls. If you'd like to wrap the calls and put them in a PR that would be very welcome, otherwise you're welcome to write your use case into an issue on the GitHub repo and I'll take a

Re: Allowing all users to connect

2018-05-17 Thread Bryan Bende
You could create an identity mapping in nifi.properties that maps any cert DN to a hard coded user identity, say “nifi-user”, so every user looks like that one user. You would lose ability to track which users changed the flow, but I’m guessing that’s not important if you want to give everyone acc

Re: Allowing all users to connect

2018-05-17 Thread Andrew Grande
Juan, A cert implies one knows the identity of the cert holder. I'd imagine if you shared it with multiple users, you would have achieved this semi-anonymous requirement. I would take a really deep look into why you want to do it this way, though. Defeats the purpose of security. Is there a prob

NiFi Test Harness Proof-of-Concept

2018-05-17 Thread Horváth Péter Gergely
Dear All, In the past, I had some cases when testing a complex NiFi flow became a tedious manual exercise: that's where the idea came that maybe it would be possible to automate these steps somehow. I have developed a small sample NiFi test harness that allows you to install a NiFi flow to a test

Re: Allowing all users to connect

2018-05-17 Thread Juan Sequeiros
Thanks, Andrew / Bryan. Yeah this right now is a prototype with a team of about 10 people. We all have certs that we've self-signed. I've not messed with this that much but if I want to use certs it seems the user set up in the initial admin section will have to the other user creations. More do

Re: Allowing all users to connect

2018-05-17 Thread Bryan Bende
It really comes down to how you want to configure the authorizer... An authorizer is made up of a user-group-provider and a policy-provider. The user-group-provider can be file-based, ldap, composite (combination of multiple), or custom if you implement your own. The policy provider can be file-

Re: Allowing all users to connect

2018-05-17 Thread Juan Sequeiros
oooh ok I just assumed that if using LDAP then they have to use username / password based on this from admin guide: "NiFi supports user authentication via client certificates, via username/password, via Apache Knox, or via OpenId Connect. Username/password authenticat

Re: Allowing all users to connect

2018-05-17 Thread Bryan Bende
Well you have to separate the concepts of authentication and authorization... The stuff you just highlighted from the admin guide is referring to authentication options, which is how you identify a user is who they say they are. After authentication you then have a user identity that you need to

Re: Allowing all users to connect

2018-05-17 Thread Andy LoPresto
Juan, In your case it may also make sense to implement a simple custom authenticator that just checks that the certificate has a certain identifier (in the DN or OID, etc.) and is signed by a specific certificate. You don’t care so much about the individual identity of the user, but rather the