Mark The single user authorizer and default setup install is just to avoid having wide open systems by default. So if you want to make changes to security settings and do it right you dont' use that mode. Happy to have improvements within that scope of intent but does not sound like anything we'd wait for. When it lands it lands.
Thanks On Wed, Mar 9, 2022 at 8:49 AM Mark Bean <mark.o.b...@gmail.com> wrote: > Joe, > > I just discovered an issue yesterday that might need attention first. I > haven't investigated fully yet nor created a ticket because I don't yet > fully understand it. However, it appears as though the > single-user-authorizer may not be behaving as intended. When I updated > nifi.properties to swap the self-signed, auto-generated keystore and > truststore with "real" ones, single-user became _every_ user. My suspicion > is that any user whose browser presents a cert that was signed by a CA in > the truststore is allowed in - without even prompting for > username/password. > > It may be considered a configuration error to allow this to happen. Still, > this seems like extremely dangerous behavior. > > -Mark > > > On Wed, Mar 9, 2022 at 10:42 AM Joe Witt <joe.w...@gmail.com> wrote: > > > Team > > > > We appear to be at a good point to start pulling together the release > > candidate for 1.16. > > > > https://issues.apache.org/jira/projects/NIFI/versions/12350741 > > > > I'm basically waiting for > https://issues.apache.org/jira/browse/NIFI-9761 > > to land then will start pulling together the release. > > > > Thanks > > > > On Mon, Feb 14, 2022 at 11:18 AM Joe Witt <joe.w...@gmail.com> wrote: > > > > > Eduardo > > > > > > Getting reviewers on the UI/rest/front-end are among the toughest as > > > there just aren't as many of those folks. > > > > > > The reply from Pierre was probably most telling. It looks fine but > > > many of us would pause to merge without knowing precisely what the > > > implications are. What happens on a taxed system with many > > > CSs...I''ll comment on the PR. > > > > > > Thanks > > > Joe > > > > > > On Mon, Feb 14, 2022 at 11:13 AM Eduardo Fontes > > > <eduardo.fon...@gmail.com> wrote: > > > > > > > > Hi All, > > > > > > > > Is it possible to include > > > https://issues.apache.org/jira/browse/NIFI-8927 > > > > in release 1.16? > > > > I've been asking for a review > https://github.com/apache/nifi/pull/5247 > > > > since AUG/2021 and I don't understand why nobody did it. It's a > simple > > > and > > > > useful UI feature. > > > > > > > > Peace out. > > > > Eduardo Fontes > > > > > >
