Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

how to integrate NiFi and ldap and how to add differ users for Nifi web access?

avatar
 
1 ACCEPTED SOLUTION

avatar
Super Mentor

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

View solution in original post

1 REPLY 1

avatar
Super Mentor

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt