[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard updated NIFI-13296: ---------------------------------- Fix Version/s: 1.27.0 (was: 1.26.1) > Deprecate Kerberos SPNEGO Authentication for Removal > ---------------------------------------------------- > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement > Reporter: David Handermann > Assignee: David Handermann > Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)