[
https://issues.apache.org/jira/browse/NIFI-5508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard resolved NIFI-5508.
----------------------------------
Resolution: Feedback Received
Apache NiFi 1.x is no longer maintained and no new release is planned on the
1.x release line. Marking as resolved as part of a cleanup operation. Please
open a new one with an updated description if this is still relevant for NiFi
2.x.
> Support disabling wantClientAuth when running behind a reverse proxy.
> ---------------------------------------------------------------------
>
> Key: NIFI-5508
> URL: https://issues.apache.org/jira/browse/NIFI-5508
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.7.0, 1.7.1
> Environment: Reverse Proxy & trying to use other credential provider
> when the reverse proxy provides a client certificate itself.
> Reporter: Curtis W Ruck
> Priority: Major
> Labels: rever
> Original Estimate: 1h
> Time Spent: 20m
> Remaining Estimate: 40m
>
> As discussed on mailing list.
> JettyServer always calls either setNeedClientAuth(true) or
> setWantClientAuth(true).
> When used with a reverse proxy that has a client certificate, it is
> impossible currently to use other credential providers as the X509
> authentication takes precedence.
> Adding the ability to disable wantClientAuth via a NiFi property would enable
> the ability to leverage existing SSO solutions behind a reverse proxy.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
