Hello So keep in mind the term 'template' in NiFi means a section of capture configuration that if put on the graph becomes a live flow. In Nifi you're interacting with 'the flow' which can be one connecting thing or many disconnected things. The manipulation of the flow on the graph is altering the actual running flow. This a very different model than the design and deploy approach one may be accustom to from other tools.
Multiple users accessing different parts of the flow is certainly possible whether it is secure or non-secure. In secure mode you can control their level of access to the entire flow (all flows) through the user management screen. However, if you are looking for multi-tenant authorization whereby different users have different levels of access to different parts of flow graph then that is on the roadmap. Here you can find more about it [1]. Regarding the certificate configuration I'll defer to others to provide pointers there but perhaps you're also looking for username and password based authentication. That is also a roadmap item and is slated to be part of the 0.4.0 release. You can see more about that here [2] and [3]. Thanks Joe [1] https://cwiki.apache.org/confluence/display/NIFI/Multi-Tentant+Dataflow [2] https://issues.apache.org/jira/browse/NIFI-655 [3] https://cwiki.apache.org/confluence/display/NIFI/Pluggable+Authentication On Fri, Nov 13, 2015 at 4:35 AM, veeresh <veereshs...@gmail.com> wrote: > Hi All > I have installed nifi on Hortonworks cluster in Azure cloud. Everting works > just fine with non-secured mode (http). In this mode multiple users cannot > work on different templates. I followed the documentation > (https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration). > > Question: For multiple users to work on different templates is it mandatory > to enable https connection enabled? > > Referring to (http://wiki.eclipse.org/Jetty/Howto/Configure_SSL) I have > created keystore and trust store. > My security setting of nifi.properties file look as below. > > nifi.security.keystore=/home/hortonhdp/nifi-0.3.0/keystore > nifi.security.keystoreType=JKS > nifi.security.keystorePasswd=nifi123 > nifi.security.keyPasswd=nifi123 > nifi.security.truststore=/home/hortonhdp/nifi-0.3.0/keystore > nifi.security.truststoreType=JKS > nifi.security.truststorePasswd=nifi123 > nifi.security.needClientAuth=true > nifi.security.user.credential.cache.duration=24 hours > nifi.security.user.authority.provider=file-provider > nifi.security.support.new.account.requests= > nifi.security.ocsp.responder.url= > nifi.security.ocsp.responder.certificate= > > From the browser I get ERR_CONNECTION_CLOSED error. When I try to connect to > nifi using curl locally on the server itself. I get below error > > curl --verbose --insecure https://sandbox.hortonworks.com:8089/nifi > * About to connect() to sandbox.hortonworks.com port 8089 (#0) > * Trying 10.0.0.4... connected > * Connected to sandbox.hortonworks.com (10.0.0.4) port 8089 (#0) > * Initializing NSS with certpath: sql:/etc/pki/nssdb > * warning: ignoring value of ssl.verifyhost > * skipping SSL peer certificate verification > * NSS: client certificate not found (nickname not specified) > * NSS error -5938 > * Closing connection #0 > curl: (35) NSS: client certificate not found (nickname not specified) > > Also enabled DEBUG mode in logback.xml to see any issue. But I don’t see any > errors related to jetty security. > > Is there a clear documentation on how to generate the keystore/truststore. > Is secured connections (https) tested on cloud/Azure. How can I enable > multiple users to access nifi without https mode? > > Thanks in advance > > > > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/https-connection-fails-with-ERR-CONNECTION-CLOSED-tp4833.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
