exceptionfactory commented on a change in pull request #5262:
URL: https://github.com/apache/nifi/pull/5262#discussion_r681266804
##########
File path: nifi-docs/src/main/asciidoc/administration-guide.adoc
##########
@@ -489,6 +489,28 @@ To enable authentication via Apache Knox the following
properties must be config
this listing. The audience that is populated in the token can be configured in
Knox.
|==================================================================================================================================================
+[[json_web_token]]
+=== JSON Web Tokens
+
+NiFi uses JSON Web Tokens to provide authenticated access after the initial
login process. Generated JSON Web Tokens include the authenticated user identity
+as well as the issuer and expiration from the configured Login Identity
Provider.
+
+NiFi uses generated RSA Key Pairs with a key size of 4096 bits to support the
`RS512` algorithm for JSON Web Signatures. The system stores RSA
Review comment:
The current implementation uses a hard-coded setting for the key pair
size to avoid potential misconfiguration, however, it may be more than
necessary in some instances. Given the other resource constraints on a running
system, this does not seem to be too expensive for most deployments. An
alternative could be to make this configurable, but there is a tradeoff between
having too many settings and sensible defaults. What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
