Details
Description
As discussed on mailing list.
JettyServer always calls either setNeedClientAuth(true) or setWantClientAuth(true).
When used with a reverse proxy that has a client certificate, it is impossible currently to use other credential providers as the X509 authentication takes precedence.
Adding the ability to disable wantClientAuth via a NiFi property would enable the ability to leverage existing SSO solutions behind a reverse proxy.
Attachments
Issue Links
- is related to
-
NIFI-5493 Reverse Proxy & OIDC
- Open
- links to