[
https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-13296:
------------------------------------
Status: Patch Available (was: Open)
> Deprecate Kerberos SPNEGO Authentication for Removal
> ----------------------------------------------------
>
> Key: NIFI-13296
> URL: https://issues.apache.org/jira/browse/NIFI-13296
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> NiFi 0.6.0 added Kerberos authentication with
> [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on
> Spring Security Kerberos. Although Spring Security Kerberos continues to be
> maintained, SPNEGO authentication is not common, requiring specialized
> [client browser
> configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html]
> for access. As noted in the linked instructions, popular web browsers do not
> support SPNEGO in the default configuration, and Google Chrome requires
> either a custom policy or launch from the command line with arguments that
> list permitted DNS names.
> Based on these considerations, and in light of more common Single Sign-On
> strategies using OpenID Connect and SAML 2, NiFi framework support for
> Kerberos authentication with SPNEGO should be deprecated for subsequent
> removal in NiFi 2.
> This deprecation should not impact the Kerberos Login Identity Provider,
> which continues to support username and password authentication based on the
> form-based login process.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
