https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347018#M235045 <P><SPAN>When I tried to turn on KnoxSSO for NIFI without https,</SPAN>I can access NIFI's Web UI through Knox,but I can also access the NIFI directly through port 10111 which n<SPAN>o jump to Knox.</SPAN></P><P><SPAN>So&nbsp;I tried to enable HTTPS while using Knox, and I got this error "<STRONG>Apache Knox SSO support cannot be enabled if the Login Identity Provider or OpenId Connect or SAML is configured.</STRONG>"</SPAN></P><P><SPAN>&nbsp;</SPAN></P><P>&nbsp;</P> Thu, 07 Jul 2022 05:58:05 GMT Meepoljd 2022-07-07T05:58:05Z https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/346940#M235025 <P class="src grammarSection">Is there a way to use SSO without enabling HTTPS on NIFI?</P> Wed, 06 Jul 2022 10:12:58 GMT https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/346940#M235025 Meepoljd 2022-07-06T10:12:58Z https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347018#M235045 <P><SPAN>When I tried to turn on KnoxSSO for NIFI without https,</SPAN>I can access NIFI's Web UI through Knox,but I can also access the NIFI directly through port 10111 which n<SPAN>o jump to Knox.</SPAN></P><P><SPAN>So&nbsp;I tried to enable HTTPS while using Knox, and I got this error "<STRONG>Apache Knox SSO support cannot be enabled if the Login Identity Provider or OpenId Connect or SAML is configured.</STRONG>"</SPAN></P><P><SPAN>&nbsp;</SPAN></P><P>&nbsp;</P> Thu, 07 Jul 2022 05:58:05 GMT https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347018#M235045 Meepoljd 2022-07-07T05:58:05Z https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347072#M235056 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/94989">@Meepoljd</a>&nbsp;<BR />You'll want to have https enabled to prevent access to NiFi's endpoints directly.&nbsp; When NiFi is not secured (HTTPS), it does not require user authentication or authorization.&nbsp; Thus access is treated as anonymous.<BR /><BR />When using Apache Knox, NIFi can not be configured with other login based authentication like a login-provider in the login-identity-providers.xml or OpenID or SAML via associated properties in the nifi.properties file.<BR /><BR />So make sure these properties are not configured in the nifi.properties file when you have also configured the knox properties:<BR /><A href="https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#saml" target="_blank">https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#saml</A><BR /><A href="https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#openid_connect" target="_blank">https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#openid_connect</A><BR />and following login provider property:</P><PRE>nifi.security.user.login.identity.provider=</PRE><P>&nbsp;</P><P>If you found this response assisted with your query, please take a moment to login and click on "<STRONG>Accept as Solution</STRONG>" below this post.<BR /><BR />Thank you,</P><P>Matt</P><P><BR /><BR /></P> Thu, 07 Jul 2022 15:17:13 GMT https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347072#M235056 MattWho 2022-07-07T15:17:13Z https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347198#M235098 <P>Thanks.I open the https for nifi.And it works when Knox and Nifi on same server.<SPAN>But when I deploy NIFI and KNOX separately, I am redirected infinitely when SSO logs in to NIFI and I find Cookies have problems. Is this because of cross-domain? Knox gateway.log has "JWT cookie successfully added." but nifi-user.log have " [&lt;anonymous&gt;] GET <A href="https://XXX:9443/nifi-api/flow/current-user" target="_blank">https://XXX:9443/nifi-api/flow/current-user</A>"</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Meepoljd_0-1657341179686.png" style="width: 400px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/34812i52A3C6669447F25D/image-size/medium?v=v2&amp;px=400" role="button" title="Meepoljd_0-1657341179686.png" alt="Meepoljd_0-1657341179686.png" /></span></P><P>&nbsp;</P> Sat, 09 Jul 2022 04:37:34 GMT https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347198#M235098 Meepoljd 2022-07-09T04:37:34Z https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347206#M235101 <P>I know.Need FQDN likes testhost.magg.com,Thanks</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Meepoljd_0-1657347712004.png" style="width: 400px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/34817i7F09673540B4C798/image-size/medium?v=v2&amp;px=400" role="button" title="Meepoljd_0-1657347712004.png" alt="Meepoljd_0-1657347712004.png" /></span></P><P>&nbsp;</P> Sat, 09 Jul 2022 06:22:01 GMT https://community.cloudera.com/t5/Support-Questions/Whether-SSO-can-be-used-without-enabling-HTTPS-on-NIFI/m-p/347206#M235101 Meepoljd 2022-07-09T06:22:01Z