Hi Curtis, This has come up a few times. Unfortunately I don’t think there is currently an easy way to disable X509-based identity extraction in NiFi today. There is an open JIRA for the same issue in NiFi Registry [1]. NiFi Registry follows the same AuthN/AuthZ design (and a fair amount of code) as NiFi, so this ticket should apply to NiFi as well.
Perhaps you could share more about your needs and use case on that ticket so that when it gets implemented we could take that scenario with reverse proxies and OIDC into account? Thanks, Kevin On Mon, Aug 6, 2018 at 10:23 AM, Curtis Ruck <[email protected]> wrote: > I'm trying to setup OIDC authentication, but with Nifi service existing > behind a reverse proxy, and for our other apps we use SSL Client > Authentication between reverse proxy and application, Nifi is picking up > the Reverse Proxy's SSL Certificate and falling into X509 Authentication > instead of OIDC. Any idea how I can disable X509 authentication in Nifi? > > Connecting directly to nifi, it triggers the proper OIDC redirects. > > -- > Curtis Ruck >
