Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

NiFi user authentication without Ranger or Kerberos

Labels:
Mark_Heydenrych
Rising Star

Created ‎03-17-2017 11:13 AM

I have set up my NiFi instance (NiFi 1.0) to communicate over SSL and authenticate the admin user with a certificate, based on this article. This has worked correctly. Now I would like to add new users to NiFi, and have those users authenticate using username/password. I know this is possible with LDAP, as well as with Ranger and Kerberos, however I would prefer to manage my users directly through NiFi. Adding new users is straightforward, but there is no way I can see to set a password for a user.

Is there any way to achieve this? I know it is possible to create my own LoginIdentityProvider. Does anybody have an example of code that could do what I want?

1,072 Views
0 Kudos
2 REPLIES 2

pvillard
Guru

Created ‎03-17-2017 11:35 AM

Hi @Mark Heydenrych,

This is not something you can do at the moment. To have login/password authentication you must configure a LDAP as login identity provider. Otherwise you could define users in NiFi and issue individual certificates (to be added in the browser) for each user you need.

Another option would be to develop a custom login identity provider to achieve what you are looking for.

Side note - setting a LDAP server can be easily achieved. You can find an example here:

https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap

Hope this helps.

720 Views

MattWho
Master Guru

Created ‎03-17-2017 01:08 PM

@Mark Heydenrych

Just to add some clarity to what you are trying to do.

There are two steps that must be successful before any user can access any of a secured NiFi's resources:

1. Authentication - NiFi supports user authentication via user certs (default), kerberos, or LDAP. This authentication layer has nothing to do with users that have been added to either NiFi's internal user authorizer or Ranger.

2. Authorization - After and only after user authentication is successful will user authorization take place. This is where the now authenticated user is checked against an authorizer (default is NiFi's file based authorizer, but Ranger is also supported for this) to see which NiFi resources that user has been granted access to.

There is no single endpoint that can be used to do facilitate both authentication and authorization at this time.

Thanks,

Matt

720 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
What's New @ Cloudera
Cloudera Machine Learning launches "Add Data" feature to simplify data ingestion
What's New @ Cloudera
Simplify Data Access with Custom Connection Support in CML
View More Announcements