. Any idea how I can disable X509 authentication in Nifi?
Connecting directly to nifi, it triggers the proper OIDC redirects.
--
Curtis Ruck
hings integrate together, it's not being a good team player.
As much as I hate to say it, if NiFi was a proper Java EE project, I could
just use a war overlay to modify the AuthN/AuthZ to success; even if it was
just a self-executing .war.
--
Curtis Ruck
On Thu, Aug 9, 2018 at 12:14 PM Shawn We
t impact the users, and
proper single sign on allows application developers focus on their
application's logic and not their AuthN/AuthZ security model.
--
Curtis Ruck
On Thu, Aug 9, 2018 at 3:00 PM Andy LoPresto wrote:
> I think we agree in our assessment of what the code is doing and disagree
&
e);
} else {
contextFactory.setWantClientAuth(true);
}
I believe in the short term, modifying this section to use nifi.properties
to allow us to provide a false to wantClientAuth, would address our
concerns.
--
Curtis Ruck
On Thu, Aug 9, 2018 at 12:54 PM Curtis Ruck wrote:
> To support Shawn's statement
circumstances
to disable X509 easily. In my environment, it's even preferable because we
would use OIDC to redirect to Apereo CAS, which does X509 Authentication
itself.
--
Curtis Ruck
On Thu, Aug 9, 2018 at 2:43 PM Andy LoPresto wrote:
> Hi Curtis,
>
> There has definitely been some d
header, but considering that
wouldn't work with a reverse proxy without this PR, I considered it out of
scope of my near term issue.
--
Curtis Ruck
On Thu, Aug 9, 2018 at 3:47 PM Curtis Ruck wrote:
> The issue with Reverse Proxies and "certificates or other provider" is
> t
I've been trying to figure out how to improve this area of NiFi. They
support OpenID Direct Connect (OIDC), but when you combine it with a
reverse proxy or their default/hardcoded PKI configuration, it's near
impossible to use.
Ideally the entire authn/z stack needs rearchitecting for better
(filterConfig) inside
CatchAllFilter.init().
--
Curtis Ruck
On Wed, May 15, 2019 at 8:50 AM Matt Gilman wrote:
> Curtis,
>
> I haven't set this up recently but it was working the last time I tried
> it. Just wanted to ensure you that were following the guidance in our admin
> gui
cting node. Node
connected."
},
{
timestamp => "05/20/2019 02:17:23 UTC",
category => "INFO",
message => "Connection requested from existing node. Setting
status to connecting."
},
{
9-05-21 03:06:00,563 the ManagedSelector (3663b227) wakes up because the
socket was closed.
2019-05-21 03:06:00,570 the client gets a timeout exception from okhttp.
https://gist.github.com/ruckc/61e2ef68f084e859e225319e0ba6c458
--
Curtis Ruck
On Mon, May 20, 2019 at 11:58 PM Curtis Ruck wro
hreads. I
also have read.timeout set to 30 sec.
~6500 lines of debugging is here.
https://gist.githubusercontent.com/ruckc/df947e04ae4fb55bc37ecc116f747848/raw/06625f0b6169acf272edc648a7fbd2abd043e0a4/node1.log
Wish I knew where to go from here...
--
Curtis Ruck
On Mon, May 20, 2019 at 10:06 A
11 matches
Mail list logo