Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

how to integrate NiFi and ldap and how to add differ users for Nifi web access?

Solved Go to solution

how to integrate NiFi and ldap and how to add differ users for Nifi web access?

 
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: how to integrate NiFi and ldap and how to add differ users for Nifi web access?

Master Guru

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

View solution in original post

1 REPLY 1
Highlighted

Re: how to integrate NiFi and ldap and how to add differ users for Nifi web access?

Master Guru

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

View solution in original post

Don't have an account?
Coming from Hortonworks? Activate your account here