nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edgardo Vega <edgardo.v...@gmail.com>
Subject Re: Basic Authentication
Date Fri, 20 Nov 2015 12:42:37 GMT
Joe,

Right now we currently proxy everything through nginx. Currently nginx asks
us for our username and password and then forwards the username and says
they have been authentication. This works okay for nifi if all you want to
do is use the web interface. But there doesn't seem to be a way to make
site to site work in this scenario. So we are trying to figure out how to
secure nifi but not issue certs all over the place. We currently are using
site to site to get data from someone else as well as use it to send data
to a few of our own mini clusters. Some of which are in different aws
regions.

Cheers,

Edgardo

On Fri, Nov 20, 2015 at 7:21 AM, Joe Witt <joe.witt@gmail.com> wrote:

> Edgardo
>
> Yep.  What are some others you'd be looking for?  What we're basically
> doing is preferring a delegated provider model.  Kerberos is one we
> plan to knock out as well
>
> Thanks
> Joe
>
> On Fri, Nov 20, 2015 at 7:10 AM, Edgardo Vega <edgardo.vega@gmail.com>
> wrote:
> > Joe,
> >
> > Yes I was looking for username and password. Seems like NIFI-655 will
> setup
> > the base to allow for other username/password authentication providers
> > other than LDAP and AD.
> >
> > Cheers,
> >
> > Edgardo
> >
> > On Thu, Nov 19, 2015 at 5:31 PM, Joe Witt <joe.witt@gmail.com> wrote:
> >
> >> i conflated two different issues in my response so to clarify:
> >>
> >> I do not believe we're supporting basic authentication in our quest to
> >> obtain user supplied identify information at this time.
> >>
> >> I do know that once we have that data we're delegating to an identity
> >> login provider which we first have implemented to support AD/DS using
> >> LDAP.
> >>
> >> The actual details available thus far are in the branch for NIFI-655
> >> as found here [1] and the higher level description of the goal is
> >> found here [2] but it is light on implementation details.  Those are
> >> better found in the JIRA for NIFI-655 it appears [3].
> >>
> >> [1] https://github.com/apache/nifi/tree/NIFI-655
> >> [2]
> >>
> https://cwiki.apache.org/confluence/display/NIFI/Pluggable+Authentication
> >> [3] https://issues.apache.org/jira/browse/NIFI-655
> >>
> >> Thanks
> >> Joe
> >>
> >> On Thu, Nov 19, 2015 at 4:39 PM, Joe Witt <joe.witt@gmail.com> wrote:
> >> > Edgardo
> >> >
> >> > We're tackling username and password based authentication in NIFI-655.
> >> > It will not be utilizing/supporting basic authentication but perhaps
> >> > you just mean uname/pword?
> >> >
> >> > The approach in NIFI-655 will delegate to a Directory Server/Active
> >> Directory.
> >> >
> >> > Thanks
> >> > Joe
> >> >
> >> > On Thu, Nov 19, 2015 at 3:58 PM, Edgardo Vega <edgardo.vega@gmail.com
> >
> >> wrote:
> >> >> Wasn't there work being done on Basic Authentication? Just curious
to
> >> see
> >> >> where that is along the development cycle.
> >> >>
> >> >> --
> >> >> Cheers,
> >> >>
> >> >> Edgardo
> >>
> >
> >
> >
> > --
> > Cheers,
> >
> > Edgardo
>



-- 
Cheers,

Edgardo

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message