Created 11-05-2023 09:54 PM
Hi,
We are trying to authenticate Nifi with single-user-authorizer using the auto-generated username and password itself. We thought of changing the token expiration time. But, we couldn't find any configuration for token expiration for this default authentication. There is an api which gives the expiation time of the token but the token is still active even after the expiration time we got from the api.
Is there any configuration to change the duration of active token? Or Is there a way to get the actual token expiration time?
Where can I find the document for working of token expiration for nifi default authentication?
Created 11-06-2023 06:09 AM
@zIfo
The default Single-User-Authorizer (Authorization) and Single-user-provider (authentication) are not intended for production use. These were added as of Apache NiFi 1.14 to facilitate a secure out-of-the-box NiFi startup for evaluation and testing.
They provide very basic authentication and authorization. Single user with complete and full access to everything. So by using this default provider you have no ability to support multiple users with very granular levels of authorization. The Token on the NiFi server side should expire after 8 hours. The JWT token stored in the browser may be around longer.
You did not share the version of Apache NiFi you have installed, but perhaps the following explains what you are experiencing :
https://issues.apache.org/jira/browse/NIFI-9049
But to support NiFi Clusters and NiFi multi-tenant authentication and authorization, you should move to a production ready authentication provider (LDAP commonly used) and authorizer (Managed authorizer commonly used).
If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
Created 11-06-2023 06:28 AM
@MattWho Thanks for the response. We are using Nifi 1.21.0 version and we are using it internally in our application. Hence, we are currently planning to have Single-User-Authorizer as of now. In future, we will go for authentication provider.
Is there any way to change that 8hours expiration time? And what is the time of expiration I get from the api - /access/token/expiration?. The token is not getting expired with the time we get from that api.