Support Questions
Find answers, ask questions, and share your expertise

Nifi Authorize User Security

Explorer

I am hoping to restrict access to the Nifi webpage. The documentation says in the authorize.xml we can connect it to ldap. But I only want to hardcode some users in the file. Can provide a sample of how this can be done?

5 REPLIES 5

Re: Nifi Authorize User Security

Apache NiFi provides three authentication mechanisms: 2-way TLS/SSL, LDAP, and Kerberos. There is no provided authentication mechanism for checking users/passwords against a file.

The authentication provider, also called a "login identity" provider is pluggable and anyone can implement their own. You could look at how the other ones are implemented:

https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap...

https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-...

Re: Nifi Authorize User Security

Explorer

Re: Nifi Authorize User Security

Ok so there are two different concepts, authentication and authorization. What I described in my answer was the authentication options, which is what identifies a valid use and allows them in to the application, so you need one of those as the starting point.

After authentication, then authorization takes places which is the process of determining what the user can do. The document you linked to is how HDF 1.2/Apache NiFi 0.x configured authorization. In the latest version of HDF/NiFi there is a pluggable authorizer, and NiFi provides two implementations, NiFi's internal authorizer and an authorizer that uses Apache Ranger. The latest doc would be here http://docs.hortonworks.com/HDPDocuments/HDF2/HDF-2.0.1/bk_administration/content/multi-tenant-autho... You can also implement your own authorizer.

Re: Nifi Authorize User Security

Explorer

Sorry but I don't get it... Where do I put the authentication java files?

Re: Nifi Authorize User Security

Explorer

Sorry but I don't get it... Where do I put the authentication java files?