Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

how to integrate NiFi and ldap and how to add differ users for Nifi web access?

Labels:
avatar
Former Member

Created ‎08-26-2016 09:52 AM

 
2,263 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎08-26-2016 12:00 PM

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

View solution in original post

1,473 Views
0
1 REPLY 1

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎08-26-2016 12:00 PM

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

1,474 Views
0
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements