[
https://issues.apache.org/jira/browse/NIFI-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15199950#comment-15199950
]
ASF subversion and git services commented on NIFI-1274:
-------------------------------------------------------
Commit 76f2d5702fe3465471c78a1d23d557f33d0b7664 in nifi's branch
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=76f2d57 ]
NIFI-1274 Added Kerberos authentication mechanism.
NIFI-1274 Cleaned up TODO statements. (+3 squashed commits)
Squashed commits:
[fd101cd] Removed logic to check for presence of services to determine if token
support is enabled when username/password authentication is enabled (Kerberos
also requires tokens).
[c2ce29f] Reverted import changes to RulesResource.java.
[c269d72] Added Kerberos authentication mechanism.
Moved Kerberos service wiring from XML to Java to handle scenario where admin
has not configured Kerberos (previously threw NullPointerException in
FileSystemResource constructor). (+15 squashed commits)
Squashed commits:
[09fc694] Added Kerberos documentation to Admin Guide.
[ecfb864] Cleaned up unused logic.
[157efb3] Added logic to determine if client certificates are required for REST
API (login, anonymous, and Kerberos service authentication all disabled).
Cleaned up KerberosService by moving logic to NiFiProperties.
[5438619] Added documentation for Kerberos login-identity-providers.xml.
[3332d9f] Added NiFi properties for Kerberos SSO.
[b14a557] Fixed canvas call to only attempt Kerberos login if JWT not present
in local storage.
Added logic to handle ticket validation failure in AccessResource.
Changed wiring of Kerberos service beans to XML in
nifi-web-security-context.xml for consistency.
[c31ae3d] Kerberos SPNEGO works without additional filter (new entry endpoint
accepts Kerberos ticket in Authorization header and returns JWT so the rest of
the application functions the same as LDAP).
[98460e7] Added check to only instantiate beans when Kerberos enabled to allow
access control integration tests to pass.
[6ed0724] Renamed Kerberos discovery method to be explicit about service vs.
credential login.
[ed67d2e] Removed temporary solution for Rules Resource access via Kerberos
ticket.
[c8b2b01] Added temporary solution for Rules Resource access via Kerberos
ticket.
[81ca80f] NIFI-1274 Added KerberosAuthenticationFilter to conduct SPNEGO
authentication with local (client) Kerberos ticket.
Added properties and accessors for service principal and keytab location for
NiFi app server.
Added KAF to NiFiWebApiSecurityConfiguration.
Added AlternateKerberosUserDetailsService to provide user lookup without
dependency on extension bundle (nifi-kerberos-iaa-provider).
Added dependencies on spring-security-kerberos-core and -web modules to pom.xml.
[0605ba8] Added working configuration files to test/resources in kerberos
module to document necessary config. This version requires the user to enter
their Kerberos username (without realm) and password into the NiFi login screen
and will authenticate them against the running KDC.
Also includes a sample keystore and root CA public key for configuring a secure
instance.
[49236c8] Added kerberos module dependencies to nifi/pom.xml and
nifi-assembly/pom.xml.
Added default properties to login-identity-providers.xml.
[928c52b] Added nifi-kerberos-iaa-providers-bundle module to nifi/pom.xml.
Added skeleton of Kerberos authenticator using Spring Security Kerberos plugin.
This closes #284
Signed-off-by: Matt Gilman <matt.c.gil...@gmail.com>
> Kerberos based authentication
> -----------------------------
>
> Key: NIFI-1274
> URL: https://issues.apache.org/jira/browse/NIFI-1274
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Reporter: Matt Gilman
> Assignee: Andy LoPresto
> Labels: authentication, security
> Fix For: 0.6.0
>
>
> Add support for Kerberos based authentication.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
