04-11-2023
05:00 AM
Hello Bakho, did Matt's recommendation/suggestion solve your problem? I am having the same issue using certificates created by the NiFi Toolkit.
12-02-2021
08:48 AM
@Clarfim @tiagot Neither NiFi nor NiFi-Registry support creating locally managed users for the purpose of authentication into services. NiFi provides numerous methods for authenticating a user/client. The default which is always enabled is client/user based authentication via a Mutual TLS handshake. Other methods which can be configured in addition to TLS can be found here: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication

NOTE: As of Apache NiFi 1.14, a new Single User authentication method was introduced so that NiFi could be secure by default out-of-the-box. If you choose to use this provider, it will be the ONLY user that can access this NiFi and will have full admin access. If full multi-user access is desired, you must use another method of user authentication.

The "Users" UI that you see in NiFi is used so that NiFi authorization policies can be assigned to users and group strings. It is not used for creating local users with passwords within NiFi that can be used to authenticate into NiFi. It also will not be present in UI if using the Single User authentication provider mentioned in previous note.

When you configured the initial admin user string, it is used by the authorizers.xml (depending on configuration) to initially construct a users.xml (contains user strings and group strings along with established association between them) and authorizations.xml (contains policies assigned to user and group strings) file. Keep in mind that if the users.xml and authorizations.xml files already exist, they will not be updated if you make changes to your initial admin. They are only generated if these files do not already exist.

Above example that results in a users.xml if you are using the file-user-group-provider or legacy FileAuthorizer provider in your authorizers.xml. None of the other providers will produce a users.xml and none of the other providers will allow you to manually add new user strings or group strings. The other providers are all used to pull user and group strings from an external source.

The File-Access-Policy-provider is used to construct the authorizations.xml file. The Initial admin string set in this provider allows NiFi to seed the authorizations.xml file when generated with the NiFi policies needed for that user to function as an Admin (reminder: file is only generated if it does not already exist). More info on setting up authorization in NiFi can be found here: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization

If you found this response assisted with your query, please take a moment to log in and click on "Accept as Solution" below this post.

Thank you, Matt
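An added example, not part of the post above and not NiFi's own code: a Python check for the situation the post describes, where the initial admin set in authorizers.xml was changed after users.xml and authorizations.xml had already been generated. The sample XML is constructed, and its element layout and the function name `check_initial_admin` are assumptions to compare against your own conf/ directory.

```python
import xml.etree.ElementTree as ET

# Constructed sample files. The element and property names are assumed to
# match what the file-based providers write; verify against your own conf/.
AUTHORIZERS = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Users File">./conf/users.xml</property>
    <property name="Initial User Identity 1">CN=new-admin, OU=NiFi</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Initial Admin Identity">CN=new-admin, OU=NiFi</property>
  </accessPolicyProvider>
</authorizers>"""
USERS = """<tenants><groups/><users>
  <user identifier="11111111-aaaa" identity="CN=old-admin, OU=NiFi"/>
</users></tenants>"""
AUTHZ = """<authorizations><policies>
  <policy identifier="p1" resource="/flow" action="R"><user identifier="11111111-aaaa"/></policy>
  <policy identifier="p2" resource="/policies" action="W"><user identifier="11111111-aaaa"/></policy>
</policies></authorizations>"""

def check_initial_admin(authorizers_xml, users_xml, authorizations_xml):
    """Report whether the configured initial admin is actually seeded on disk."""
    prop = ET.fromstring(authorizers_xml).find(
        ".//accessPolicyProvider/property[@name='Initial Admin Identity']")
    admin = (prop.text or "").strip() if prop is not None else ""
    # Map identity string -> internal identifier, top-level users only.
    ids = {u.get("identity"): u.get("identifier")
           for u in ET.fromstring(users_xml).findall("./users/user")}
    uuid = ids.get(admin)  # exact string comparison: case and spacing matter here
    policies = sorted(
        f'{p.get("resource")}:{p.get("action")}'
        for p in ET.fromstring(authorizations_xml).iter("policy")
        if uuid and any(u.get("identifier") == uuid for u in p.findall("user")))
    return {"initial_admin": admin, "in_users_xml": uuid is not None,
            "policies": policies, "known_identities": sorted(ids)}

if __name__ == "__main__":
    result = check_initial_admin(AUTHORIZERS, USERS, AUTHZ)
    print(result)
    if not result["policies"]:
        print("Initial admin has no seeded policies: users.xml and "
              "authorizations.xml predate this setting and were not regenerated.")
```
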