[jira] [Commented] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849495#comment-17849495 ] David Handermann commented on NIFI-13296: - Thanks for reviewing and merging [~joewitt], I updated the Deprecated Features page. > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849487#comment-17849487 ] Joe Witt commented on NIFI-13296: - Thanks [~exceptionfactory]. Merged this and the complementary JIRA/PR to support/main respectively. Do you plan to update https://cwiki.apache.org/confluence/display/NIFI/Deprecated+Components+and+Features for this? > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849486#comment-17849486 ] ASF subversion and git services commented on NIFI-13296: Commit 6fd7fd96c7a3fa9e87746dc7ca48eb97e369bff2 in nifi's branch refs/heads/support/nifi-1.x from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6fd7fd96c7 ] NIFI-13296 Deprecated Kerberos SPNEGO Authentication This closes #8878. Signed-off-by: Joseph Witt > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)