I have example simple authentication setups using docker-compose[1] in NiPyAPI that I use for testing; there is one for OIDC using Keycloak.
If you use the make sandbox target in nipy, it will walk you through both browser-based and client-based Authc and Authz. Perhaps that may help?

https://github.com/Chaffelson/nipyapi/blob/main/resources/docker/compose.yml

On Sun, 9 Nov 2025, 09:10 Ben .T.George, <[email protected]> wrote:

> Hi
>
> Did you manage to fix this? I have a similar case; instead of Keycloak, I
> was trying to integrate with Microsoft Entra ID.
>
> On Mon, 21 Jul 2025 at 11:36, <[email protected]> wrote:
>
>> Hello Dear NiFi users,
>>
>> Is there any up-to-date manual on how to integrate Apache NiFi with Keycloak?
>> I've been struggling with this for a few days without a positive result.
>>
>> My nifi.properties configuration:
>>
>> nifi.security.user.authorizer=managed-authorizer
>> nifi.security.allow.anonymous.authentication=false
>> nifi.security.user.login.identity.provider=oidc-provider
>> nifi.security.user.jws.key.rotation.period=PT1H
>> nifi.security.ocsp.responder.url=
>> nifi.security.ocsp.responder.certificate=
>>
>> # OpenId Connect SSO Properties #
>> nifi.security.user.oidc.discovery.url=http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration
>> nifi.security.user.oidc.connect.timeout=5 secs
>> nifi.security.user.oidc.read.timeout=5 secs
>> nifi.security.user.oidc.client.id=nifi-client
>> nifi.security.user.oidc.client.secret=SomeKey
>> nifi.security.user.oidc.preferred.jwsalgorithm=RS256
>> nifi.security.user.oidc.claim.identifying.user=preferred_username
>> nifi.security.user.oidc.fallback.claims.identifying.user=
>> nifi.security.user.oidc.claim.groups=groups
>> nifi.security.user.oidc.token.refresh.window=60 secs
>>
>> authorizers.xml:
>>
>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>> <authorizers>
>>     <userGroupProvider>
>>         <identifier>keycloak-user-group-provider</identifier>
>>         <class>org.apache.nifi.authorization.KeycloakUserGroupProvider</class>
>>         <property name="ServerUrl">http://localhost:8080/</property>
>>         <property name="Realm">nifi-realm</property>
>>         <property name="Username">admin</property>
>>         <property name="Password">***</property>
>>         <property name="ClientID">admin-cli</property>
>>     </userGroupProvider>
>>
>>     <accessPolicyProvider>
>>         <identifier>file-access-policy-provider</identifier>
>>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>>         <property name="User Group Provider">keycloak-user-group-provider</property>
>>         <property name="Authorizations File">./conf/authorizations.xml</property>
>>         <property name="Initial Admin Identity">admin</property>
>>     </accessPolicyProvider>
>>     <authorizer>
>>         <identifier>managed-authorizer</identifier>
>>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>>         <property name="Access Policy Provider">file-access-policy-provider</property>
>>     </authorizer>
>> </authorizers>
>>
>> login-identity-providers.xml:
>>
>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>> <loginIdentityProviders>
>>     <provider>
>>         <identifier>oidc-provider</identifier>
>>         <class>org.apache.nifi.authentication.single.oidc.OidcIdentityProvider</class>
>>         <property name="Discovery URL">http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration</property>
>>         <property name="Client ID">nifi-client</property>
>>         <property name="Client Secret">SomeKey</property>
>>         <property name="Connect Timeout">5 secs</property>
>>         <property name="Read Timeout">5 secs</property>
>>         <property name="Preferred JWS Algorithm">RS256</property>
>>         <property name="Claim Identifying User">preferred_username</property>
>>     </provider>
>> </loginIdentityProviders>
>>
>> What am I doing wrong?
>>
>> Regards
>>
>
> --
> Yours Sincerely
> Ben.T.George
>
> *" Live like you will die tomorrow, learn like you will live forever "*
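
An added example, not part of any message in this thread and not NiPyAPI or NiFi code: a small Python check that every identifier the quoted nifi.properties, authorizers.xml and login-identity-providers.xml refer to is actually declared, and that flags a plain-http OIDC discovery URL. The function names and the trimmed sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the configuration quoted in the thread.
NIFI_PROPERTIES = """\
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=oidc-provider
nifi.security.user.oidc.discovery.url=http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration
"""
AUTHORIZERS_XML = """<authorizers>
<userGroupProvider><identifier>keycloak-user-group-provider</identifier></userGroupProvider>
<accessPolicyProvider><identifier>file-access-policy-provider</identifier>
<property name="User Group Provider">keycloak-user-group-provider</property></accessPolicyProvider>
<authorizer><identifier>managed-authorizer</identifier>
<property name="Access Policy Provider">file-access-policy-provider</property></authorizer>
</authorizers>"""
LOGIN_XML = "<loginIdentityProviders><provider><identifier>oidc-provider</identifier></provider></loginIdentityProviders>"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def ids(root, tag):
    """Identifiers declared by every <tag> element under root."""
    return {e.findtext("identifier", "").strip() for e in root.iter(tag)}

def prop(elem, name):
    """Value of <property name="..."> inside elem, or '' when absent."""
    return next((p.text or "" for p in elem.iter("property")
                 if p.get("name") == name), "").strip()

def check(props_text, authorizers_xml, login_xml):
    """Return a list of findings; an empty list means every reference resolves."""
    props, findings = parse_properties(props_text), []
    auth, login = ET.fromstring(authorizers_xml), ET.fromstring(login_xml)
    def need(value, declared, what):
        if value and value not in declared:
            findings.append(f"{what} '{value}' is not declared")
    need(props.get("nifi.security.user.authorizer"), ids(auth, "authorizer"), "authorizer")
    need(props.get("nifi.security.user.login.identity.provider"), ids(login, "provider"), "login identity provider")
    for e in auth.iter("authorizer"):
        need(prop(e, "Access Policy Provider"), ids(auth, "accessPolicyProvider"), "access policy provider")
    for e in auth.iter("accessPolicyProvider"):
        need(prop(e, "User Group Provider"), ids(auth, "userGroupProvider"), "user group provider")
    if props.get("nifi.security.user.oidc.discovery.url", "").startswith("http://"):
        findings.append("OIDC discovery URL uses plain http")
    return findings
```

The check only confirms that references between the files resolve; it does not verify that the named provider classes exist in a given NiFi release.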
