Support Questions

Find answers, ask questions, and share your expertise

Multi user configuration in Nifi, how to?

avatar
Contributor

Hello all,

I do not know how to configure multi users on 3 nodes Nifi Cluster:

Currently, i use the following to generate client & server certificates using TLS toolkit:

./tls-toolkit.sh standalone -B password -C 'CN=nifiadmin, OU=NIFI' -n 'node1,node2,node3' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /shared_folder/vm_shared/certs_100722/ -K password -P password -S password

 

I want to configure 3 users for this 3 nodes cluster.

Your help would be greatly appreciated.

Thank you.

1 ACCEPTED SOLUTION

avatar
Master Mentor

@rafy 
Once you have created the certificates for your other two users as @DigitalPlumber suggested, you would need to connect to your NiFi as the admin user you setup during initial securing of your NiFi and these two new users via the NiFi global menu (upper right corner) --> Users.   Then you would need to authorize those new user identities against any policies needed for them to perform the actions you want them to be allowed. 
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#config-users-access-policies

 

Hope this helps,

Matt

View solution in original post

3 REPLIES 3

avatar
Expert Contributor

Hi @rafy please refer to the user authentication portion of this doc:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
Given that you are familiar with the toolkit and you only want to autheticate 3 users, then creating 3 user certs is simplest approach.
Just have them add the created certs to their browser.

 

avatar
Master Mentor

@rafy 
Once you have created the certificates for your other two users as @DigitalPlumber suggested, you would need to connect to your NiFi as the admin user you setup during initial securing of your NiFi and these two new users via the NiFi global menu (upper right corner) --> Users.   Then you would need to authorize those new user identities against any policies needed for them to perform the actions you want them to be allowed. 
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#config-users-access-policies

 

Hope this helps,

Matt

avatar
Contributor

Thank you sir. I was able to generate more users/client certificates by specifying multiple "-C CN=user1, OU=nifi" in addition to the initial command i have.