Joe, I just discovered an issue yesterday that might need attention first. I haven't investigated fully yet nor created a ticket because I don't yet fully understand it. However, it appears as though the single-user-authorizer may not be behaving as intended. When I updated nifi.properties to swap the self-signed, auto-generated keystore and truststore with "real" ones, single-user became _every_ user. My suspicion is that any user whose browser presents a cert that was signed by a CA in the truststore is allowed in - without even prompting for username/password.
It may be considered a configuration error to allow this to happen. Still, this seems like extremely dangerous behavior. -Mark On Wed, Mar 9, 2022 at 10:42 AM Joe Witt <joe.w...@gmail.com> wrote: > Team > > We appear to be at a good point to start pulling together the release > candidate for 1.16. > > https://issues.apache.org/jira/projects/NIFI/versions/12350741 > > I'm basically waiting for https://issues.apache.org/jira/browse/NIFI-9761 > to land then will start pulling together the release. > > Thanks > > On Mon, Feb 14, 2022 at 11:18 AM Joe Witt <joe.w...@gmail.com> wrote: > > > Eduardo > > > > Getting reviewers on the UI/rest/front-end are among the toughest as > > there just aren't as many of those folks. > > > > The reply from Pierre was probably most telling. It looks fine but > > many of us would pause to merge without knowing precisely what the > > implications are. What happens on a taxed system with many > > CSs...I''ll comment on the PR. > > > > Thanks > > Joe > > > > On Mon, Feb 14, 2022 at 11:13 AM Eduardo Fontes > > <eduardo.fon...@gmail.com> wrote: > > > > > > Hi All, > > > > > > Is it possible to include > > https://issues.apache.org/jira/browse/NIFI-8927 > > > in release 1.16? > > > I've been asking for a review https://github.com/apache/nifi/pull/5247 > > > since AUG/2021 and I don't understand why nobody did it. It's a simple > > and > > > useful UI feature. > > > > > > Peace out. > > > Eduardo Fontes > > >
