When NiFi is running over HTTP everyone accesses the application as an anonymous user and has full access.
If you want to have individual user accounts, you'll need to first run NiFi over HTTPS. In order to do this, you'll need to obtain a server certificate for NiFi to use. These details are configured in nifi.security.* sections of the properties file. You can choose any port you'd like but typically you'll see 443 or 8443. Once this is set up, you'll have two choices for authentication. The first is to issue client certificates for your users. These certificates will be loaded into your browser and will allow you to access NiFi as yourself without needing to log in with a username and password. The second option is to log in with username and password where those credentials are stored in a Directory Server [1]. Currently, that is the only support username/password store. However, that is a public extension point and additional options can be added. The authority-providers.xml handles authorization of authenticated users. So the DN that will appear in that file will either come from your client certificate or your LDAP entry. Matt [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication On Thu, Mar 10, 2016 at 4:12 PM, Uwe Geercken <uwe.geerc...@web.de> wrote: > Hello I would like to setup a simple username/password authentication. A > user has to specify the userid and a password to use the nifi web ui - > that's all. > > While there is a lot of information in the documentation, I am confused of > what is required and what not. > > in the file authority-providers.xml this is configured by default - I did > not change anything. > <provider> > <identifier>file-provider</identifier> > > <class>org.apache.nifi.authorization.FileAuthorizationProvider</class> > <property name="Authorized Users > File">./conf/authorized-users.xml</property> > <property name="Default User Roles"></property> > </provider> > > I think I have to configure this here in nifi.properties: > > nifi.web.https.host=localhost > nifi.web.https.port=??? > > host would be localhost but what should I configure for the port? any port? > > The file login-identity-providers has definitions for ldap-provider only, > but his is not my case. > > I have added following entry to authorized-users.xml > > <user dn="cn=Uwe Geercken,ou=people,dc=example,dc=com"> > <role name="ROLE_ADMIN"/> > </user> > > This would be my name, but I don't know if this is the correct format > (taken from the documentation) > > Any help would be appreciated to get me going. > > Regards, > > Uwe > > > >
