sorry forgot the link. here it is: [1] https://issues.apache.org/jira/projects/NIFIREG/issues/NIFIREG-189
On Thu, Aug 9, 2018 at 11:47 AM, Kevin Doran <[email protected]> wrote: > Hi Curtis, > > This has come up a few times. Unfortunately I don’t think there is > currently an easy way to disable X509-based identity extraction in NiFi > today. There is an open JIRA for the same issue in NiFi Registry [1]. NiFi > Registry follows the same AuthN/AuthZ design (and a fair amount of code) as > NiFi, so this ticket should apply to NiFi as well. > > Perhaps you could share more about your needs and use case on that ticket > so that when it gets implemented we could take that scenario with reverse > proxies and OIDC into account? > > Thanks, > Kevin > > On Mon, Aug 6, 2018 at 10:23 AM, Curtis Ruck <[email protected]> > wrote: > >> I'm trying to setup OIDC authentication, but with Nifi service existing >> behind a reverse proxy, and for our other apps we use SSL Client >> Authentication between reverse proxy and application, Nifi is picking up >> the Reverse Proxy's SSL Certificate and falling into X509 Authentication >> instead of OIDC. Any idea how I can disable X509 authentication in Nifi? >> >> Connecting directly to nifi, it triggers the proper OIDC redirects. >> >> -- >> Curtis Ruck >> > >
