  1. Apache NiFi
  2. NIFI-13296

Deprecate Kerberos SPNEGO Authentication for Removal

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.27.0
    • None
    • None

    Description

      NiFi 0.6.0 added Kerberos authentication with SPNEGO as a framework feature based on Spring Security Kerberos. Although Spring Security Kerberos continues to be maintained, SPNEGO authentication is not common, requiring specialized client browser configuration for access. As noted in the linked instructions, popular web browsers do not support SPNEGO in the default configuration, and Google Chrome requires either a custom policy or launch from the command line with arguments that list permitted DNS names.

      Based on these considerations, and in light of more common Single Sign-On strategies using OpenID Connect and SAML 2, NiFi framework support for Kerberos authentication with SPNEGO should be deprecated for subsequent removal in NiFi 2.

      This deprecation should not impact the Kerberos Login Identity Provider, which continues to support username and password authentication based on the form-based login process.

            People

              exceptionfactory David Handermann

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 40m