Support Questions
Find answers, ask questions, and share your expertise

Does Nifi use One-way or two-way SSL authentication?

Explorer

Sorry for asking a silly questions: Does Nifi use One-way or two-way SSL authentication?

Thanks

Andy

1 ACCEPTED SOLUTION

Accepted Solutions

Contributor

Hi @Andy Liang

In secured mode, the default authentication method is via 2-way TLS. If you configure another login identity provider. [1] Then you have the option of using 2-way TLS or either SPNEGO in browser or username/password login with 1 way TLS.

[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

Thanks,

Bryan

View solution in original post

5 REPLIES 5

Contributor

Hi @Andy Liang

In secured mode, the default authentication method is via 2-way TLS. If you configure another login identity provider. [1] Then you have the option of using 2-way TLS or either SPNEGO in browser or username/password login with 1 way TLS.

[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

Thanks,

Bryan

View solution in original post

Master Guru
@Andy Liang

Most features of NiFi use two-way SSL while few allow for use of only One-way SSL.

Anything that is "machine" to "machine" requires two-way SSL. So using features like NiFi's Site-to-Site or SSL Context Controller services all utilize two-way SSL.

NiFi access to the UI only uses one-way ssl.

Thnaks,

Matt

@Matt Clarke @brosander i am using kerberos as a login identity provider to secure nifi1.1.1 instance, could you please suggest do i need to provide two way ssl for this? or we dont need to do in Nifi-1.1.1, as it is no where mentioned in nifi administration guide to provide ssl certificates with kerberos.

i am following this article: https://community.hortonworks.com/content/kbentry/34147/nifi-security-user-authentication-with-kerbe...

Thanks a lot in advance!!

New Contributor

This is a hands-on walkthrough configuring SSL/TLS authentication in Apache NiFi. The tasks we will accomplish include:

  1. Creating and installing a user certificate
  2. Setting up the server's KeyStore
  3. Setting up the server's TrustStore
  4. Installing the user certificate into the TrustStore
  5. Configuring authorization for our user

Read More https://www.janbasktraining.com/blog/big-data-hadoop-tutorial-beginners/

Thanks @Manchun Kumar , but i am unable to find post for this in the link you provided. could you please share the particualr link for ssl/TLS in Nifi-1.1.1 or above