I've been trying to figure out how to improve this area of NiFi. They support OpenID Direct Connect (OIDC), but when you combine it with a reverse proxy or their default/hardcoded PKI configuration, it's near impossible to use.
Ideally the entire authn/z stack needs rearchitecting for better modularity for any decent SSO integration. The current APIs were built around having a writable authn/z store like LDAP/RDBMS. They are not designed for common SSO workflows where users connect to NiFi and inherit NiFi permissions based on their assertion/attributes.

On Fri, Aug 31, 2018, 6:14 PM Vijay Chhipa <vchh...@apple.com> wrote:

> Hello,
>
> I am setting up NiFi in the company, but the out-of-the-box authentication
> modules are not an option for me.
> I would like to write a SAML based login identity provider,
> Is there one out there already?
>
> I am on NiFi 1.7.1, with Java 8, SAML 2.0,
>
> What do I need to get started with writing a new login identity provider?
> Any examples, sample, or pointers are highly appreciated
>
> Vijay