Hi, thanks for the response. Entra ID or Microsoft Online is different, I think.

GitHub - benkelly/NiFi-Authentication-with-Azure-Active-Directory-Setup-Guide
<https://github.com/benkelly/NiFi-Authentication-with-Azure-Active-Directory-Setup-Guide>

I was following the above guide and now NiFi is started. I can see the port is listening, but I am not able to access the web UI.

On Sun, 9 Nov 2025 at 15:45, Daniel Chaffelson <[email protected]> wrote:

> I have example simple authentication setups using docker-compose[1] in
> NiPyAPI that I use for testing; there is one for OIDC using Keycloak.
>
> If you use the make sandbox target in nipy, it will walk you through both
> browser-based and client-based Authc and Authz. Perhaps that may help?
>
> https://github.com/Chaffelson/nipyapi/blob/main/resources/docker/compose.yml
>
> On Sun, 9 Nov 2025, 09:10 Ben .T.George, <[email protected]> wrote:
>
>> Hi,
>>
>> Did you manage to fix this? I have a similar case; instead of Keycloak, I
>> was trying to integrate with Microsoft Entra ID.
>>
>> On Mon, 21 Jul 2025 at 11:36, <[email protected]> wrote:
>>
>>> Hello Dear NiFi users,
>>>
>>> Is there any up-to-date manual on how to integrate Apache NiFi with
>>> Keycloak?
>>> I've been struggling with this for a few days without a positive result.
>>>
>>> My nifi.properties configuration:
>>>
>>> nifi.security.user.authorizer=managed-authorizer
>>> nifi.security.allow.anonymous.authentication=false
>>> nifi.security.user.login.identity.provider=oidc-provider
>>> nifi.security.user.jws.key.rotation.period=PT1H
>>> nifi.security.ocsp.responder.url=
>>> nifi.security.ocsp.responder.certificate=
>>>
>>> # OpenId Connect SSO Properties #
>>> nifi.security.user.oidc.discovery.url=http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration
>>> nifi.security.user.oidc.connect.timeout=5 secs
>>> nifi.security.user.oidc.read.timeout=5 secs
>>> nifi.security.user.oidc.client.id=nifi-client
>>> nifi.security.user.oidc.client.secret=SomeKey
>>> nifi.security.user.oidc.preferred.jwsalgorithm=RS256
>>> nifi.security.user.oidc.claim.identifying.user=preferred_username
>>> nifi.security.user.oidc.fallback.claims.identifying.user=
>>> nifi.security.user.oidc.claim.groups=groups
>>> nifi.security.user.oidc.token.refresh.window=60 secs
>>>
>>> authorizers.xml:
>>>
>>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>>> <authorizers>
>>>     <userGroupProvider>
>>>         <identifier>keycloak-user-group-provider</identifier>
>>>         <class>org.apache.nifi.authorization.KeycloakUserGroupProvider</class>
>>>         <property name="ServerUrl">http://localhost:8080/</property>
>>>         <property name="Realm">nifi-realm</property>
>>>         <property name="Username">admin</property>
>>>         <property name="Password">***</property>
>>>         <property name="ClientID">admin-cli</property>
>>>     </userGroupProvider>
>>>
>>>     <accessPolicyProvider>
>>>         <identifier>file-access-policy-provider</identifier>
>>>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>>>         <property name="User Group Provider">keycloak-user-group-provider</property>
>>>         <property name="Authorizations File">./conf/authorizations.xml</property>
>>>         <property name="Initial Admin Identity">admin</property>
>>>     </accessPolicyProvider>
>>>     <authorizer>
>>>         <identifier>managed-authorizer</identifier>
>>>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>>>         <property name="Access Policy Provider">file-access-policy-provider</property>
>>>     </authorizer>
>>> </authorizers>
>>>
>>> login-identity-providers.xml:
>>>
>>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>>> <loginIdentityProviders>
>>>     <provider>
>>>         <identifier>oidc-provider</identifier>
>>>         <class>org.apache.nifi.authentication.single.oidc.OidcIdentityProvider</class>
>>>         <property name="Discovery URL">http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration</property>
>>>         <property name="Client ID">nifi-client</property>
>>>         <property name="Client Secret">SomeKey</property>
>>>         <property name="Connect Timeout">5 secs</property>
>>>         <property name="Read Timeout">5 secs</property>
>>>         <property name="Preferred JWS Algorithm">RS256</property>
>>>         <property name="Claim Identifying User">preferred_username</property>
>>>     </provider>
>>> </loginIdentityProviders>
>>>
>>> What am I doing wrong?
>>>
>>> Regards
>>>
>>
>> --
>> Yours Sincerely
>> Ben.T.George
>>
>> *" Live like you will die tomorrow, learn like you will live forever "*
>>
>

--
Yours Sincerely
Ben.T.George

*" Live like you will die tomorrow, learn like you will live forever "*
