Only if you want other ways to authenticate users. I have set up our NIFI systems to talk with our MS AD via ldaps, and defined different AD groups which in nifi have different policy rules. Some people can manage everything, others can only start/stop specific processors in specific process groups. Using personal certificates is no problem, I have some admins who also use their personal certificates. But with certificates you would have to add and manage users manually in NIFI. Users can of course be added to internal groups in NIFI and policy configured to groups.

Regards
Jens

On Tue, 19 Oct 2021 at 07:43, Jakobsson Stefan <[email protected]> wrote:

> We are currently authenticating with personal certificates, should we
> change that then?
>
> *Stefan Jakobsson*
> Systems Manager | Scania IT, IKCA | Scania CV AB
> Phone: +46 8 553 527 27 Mobile: +46 7 008 834 76
> Forskargatan 20, SE-151 87 Södertälje, Sweden
> [email protected]
>
> *From:* Shawn Weeks <[email protected]>
> *Sent:* 18 October 2021 21:35
> *To:* [email protected]
> *Subject:* RE: Nifi and Registry behind Citrix ADC.
>
> Unless you’re operating the LB in TCP Mode you’ll need to configure NiFi
> to use an alternative authentication method like SAML, LDAP, OIDC, etc.
> You’ll also need to make sure that your proxy is passing the various HTTP
> headers through to NiFi and that NiFi is expecting traffic from a proxy. If
> you look in the nifi-user.log and nifi-app.log there might be some hints
> about what it didn’t like.
>
> Thanks
> Shawn
>
> *From:* Jakobsson Stefan <[email protected]>
> *Sent:* Monday, October 18, 2021 2:26 PM
> *To:* [email protected]
> *Subject:* RE: Nifi and Registry behind Citrix ADC.
>
> Ahh, no, ADC as in application delivery and load balancing 😊
>
> *Stefan Jakobsson*
>
> *From:* Lehel Boér <[email protected]>
> *Sent:* 18 October 2021 15:03
> *To:* [email protected]
> *Subject:* Re: Nifi and Registry behind Citrix ADC.
>
> Hi Stefan,
>
> Please disregard my prior response. The name misled me, I discovered ADC
> is not the same as Active Directory.
>
> Kind Regards,
> Lehel Boér
>
> Lehel Boér <[email protected]> wrote (on Mon, 18 Oct 2021, 14:54):
>
> Hi Stefan,
>
> Have you tried setting up NiFi with an LDAP provider? Here are a few
> useful links.
>
> - https://docs.cloudera.com/HDPDocuments/HDF3/HDF-3.4.1.1/nifi-security/content/ldap_login_identity_provider.html
> - https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap
>
> Kind Regards,
> Lehel Boér
>
> Jakobsson Stefan <[email protected]> wrote (on Mon, 18 Oct 2021, 13:02):
>
> Hello,
>
> I have some issues trying to run Nifi and Nifi-registry behind an ADC.
> Reason for this is that we need Nifi to be accessible from AWS onto our onprem
> nifi installation due to demands from our IT sec department
>
> Anyhow, I can connect to Nifi-Registry on the servers ipconfig (i.e.
> x.x.x.x:9443/nifi-registry) without problems, but if I try to use the URL
> setup in the ADC with 9443 redirected to the nifi server's IP we get an error
> saying:
>
> This page isn’t working
> *nifiprod.oururl.com <http://nifiprod.oururl.com>* didn’t send any data.
> ERR_EMPTY_RESPONSE
>
> Anyone has any ideas what I should start looking at? I set the https.host
> to 0.0.0.0 in nifi-registry.conf.
>
> *Stefan Jakobsson*
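
The LDAPS login setup discussed in this thread, sketched as an added example that is not taken from any participant's configuration: a NiFi `login-identity-providers.xml` entry for the `ldap-provider` bound to Active Directory over LDAPS. The host name, DNs, truststore path and passwords are placeholders to be replaced with site values.

```xml
<!-- conf/login-identity-providers.xml
     Added example; host, DNs, paths and passwords are placeholders. -->
<loginIdentityProviders>
    <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <!-- LDAPS: the connection is TLS from the start, so neither the
             manager bind nor the user's password is sent in clear text -->
        <property name="Authentication Strategy">LDAPS</property>
        <!-- Low-privilege service account used only to look up the user entry -->
        <property name="Manager DN">CN=svc-nifi-bind,OU=Service Accounts,DC=example,DC=com</property>
        <property name="Manager Password">REPLACE_ME</property>
        <!-- Truststore containing the CA that issued the domain controller certificates -->
        <property name="TLS - Truststore">./conf/ad-truststore.jks</property>
        <property name="TLS - Truststore Password">REPLACE_ME</property>
        <property name="TLS - Truststore Type">JKS</property>
        <property name="TLS - Protocol">TLS</property>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldaps://dc01.example.com:636</property>
        <!-- Restrict the search to the OU that holds the people allowed to log in -->
        <property name="User Search Base">OU=Users,DC=example,DC=com</property>
        <!-- {0} is replaced with the name typed on the login page -->
        <property name="User Search Filter">sAMAccountName={0}</property>
        <!-- NiFi identity becomes the login name rather than the full DN -->
        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>
</loginIdentityProviders>
<!-- nifi.properties must select this provider:
     nifi.security.user.login.identity.provider=ldap-provider -->
```

Mapping AD groups to NiFi policies is configured separately, through the `ldap-user-group-provider` in `authorizers.xml`.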
