It appears I can't edit my question because of the NiFi tag, but here's more information, if it helps. After testing and poking around some more, I've found that the process described here is essentially what I'm after, but with certificates instead of a username/password form. If go directly to /nifi on my NiFi server, I get stuck with NiFi's certificate challenge and Keycloak is not used. I did at least find a pattern that gives me what I want, but it isn't ideal: Go to the NiFi server without any paths attached to the URL (ex: https://localhost:8080/) and get prompted for a certificate -> Decline giving a certificate Land on the page that tells you that it's going to redirect you to /nifi. After five seconds, I get redirected (to https://localhost:8080/nifi) and prompted for a certificate again -> This time I give a valid certificate Land on the Keycloak login, which confirms the certificate being used Successfully login to NiFi I'd want to avoid this, since it isn't exactly straight forward.
... View more
