[ https://issues.apache.org/jira/browse/NIFI-5508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576706#comment-16576706 ]
Joseph Witt commented on NIFI-5508: ----------------------------------- there is a PR under NIFI-5506 accidentally. Will comment on the PR. > Support disabling wantClientAuth when running behind a reverse proxy. > --------------------------------------------------------------------- > > Key: NIFI-5508 > URL: https://issues.apache.org/jira/browse/NIFI-5508 > Project: Apache NiFi > Issue Type: Bug > Components: Security > Affects Versions: 1.7.0, 1.7.1 > Environment: Reverse Proxy & trying to use other credential provider > when the reverse proxy provides a client certificate itself. > Reporter: Curtis W Ruck > Priority: Major > Labels: rever > Original Estimate: 1h > Remaining Estimate: 1h > > As discussed on mailing list. > JettyServer always calls either setNeedClientAuth(true) or > setWantClientAuth(true). > When used with a reverse proxy that has a client certificate, it is > impossible currently to use other credential providers as the X509 > authentication takes precedence. > Adding the ability to disable wantClientAuth via a NiFi property would enable > the ability to leverage existing SSO solutions behind a reverse proxy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)