Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2177#discussion_r141146760 --- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc --- 
@@ -282,20 +282,23 @@ For a client certificate that can be easily imported into the browser, specify: User Authentication ------------------- -NiFi supports user authentication via client certificates, via username/password, or using OpenId Connect (http://openid.net/connect). +NiFi supports user authentication via client certificates, via username/password, via Apache Knox, or via OpenId Connect (http://openid.net/connect). Username/password authentication is performed by a 'Login Identity Provider'. The Login Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Login Identity Provider to use is configured in two properties in the _nifi.properties_ file. The `nifi.login.identity.provider.configuration.file` property specifies the configuration file for Login Identity Providers. The `nifi.security.user.login.identity.provider` property indicates which of the configured Login Identity Provider should be -used. If this property is not configured, NiFi will not support username/password authentication and will require client -certificates for authenticating users over HTTPS. By default, this property is not configured meaning that username/password must be explicitly enabled. +used. By default, this property is not configured meaning that username/password must be explicitly enabled. During OpenId Connect authentication, NiFi will redirect users to login with the Provider before returning to NiFi. NiFi will then call the Provider to obtain the user identity. -NOTE: NiFi cannot be configured for both username/password and OpenId Connect authentication at the same time. +During Apache Knox authentication, NiFi will redirect users to login with Apache Knox before returning to NiFi. NiFi will verify the Apache Knox +token during authentication. + +NOTE: NiFi can only be configured for username/password, OpenId Connect, or Apache Knox at a given time. 
It does not support running each of --- End diff -- Maybe explicitly note that "username/password" includes both LDAP and Kerberos.
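Review bot: Removing the sentence "If this property is not configured, NiFi will not support username/password authentication and will require client certificates for authenticating users over HTTPS" from the Login Identity Provider paragraph drops the only statement of what an administrator gets when no login mechanism is configured. If client certificates remain the fallback now that Knox and OpenId Connect are also options, keep a reworded version that says so; if the behaviour changed, state the new behaviour instead. The new NOTE, "NiFi can only be configured for username/password, OpenId Connect, or Apache Knox at a given time", can be read as a list of the only supported options rather than as mutual exclusion; "only one of username/password, OpenId Connect, or Apache Knox" would be unambiguous. The added Knox paragraph says NiFi "will verify the Apache Knox token" without pointing to where that is configured, whereas the username/password paragraph names its _nifi.properties_ keys; a pointer to the relevant configuration would keep the two descriptions parallel.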
---