Hello, Unfortunately SAML does not exist for NiFi Registry. It does support OIDC though, although I think there are a couple of differences in terms of what is supported related to getting groups from OIDC.
Thanks,
Bryan

On Fri, Jan 3, 2025 at 10:35 AM NEDELLEC Franck <fnedellec.exte...@altima-assurances.fr> wrote:
>
> Hello,
>
> We are working with Nifi and Nifi Registry. We recently configured SAML for
> Nifi successfully but we can't do the same for Nifi Registry.
> There is no mention of SAML in the Nifi Registry documentation and there is
> no result if we try anyway to use the same configuration.
>
> Can you tell me if SAML does exist for Nifi Registry or not? And if not, why
> please?
>
> Here is what we used for our Nifi:
>
> # SAML Properties #
> nifi.security.user.saml.idp.metadata.url:https://our_subdomain_idp.our_domain:9031/pf/federation_metadata.ping?PartnerSpId=com:xxxxx:nifi:xxx
> nifi.security.user.saml.sp.entity.id=com:xxxxx:nifi:xxx
> nifi.security.user.saml.identity.attribute.name=uid
> nifi.security.user.saml.group.attribute.name=memberOf
> nifi.security.user.saml.request.signing.enabled=false
> nifi.security.user.saml.want.assertions.signed=true
> nifi.security.user.saml.signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> nifi.security.user.saml.authentication.expiration=12 hours
> nifi.security.user.saml.single.logout.enabled=false
> nifi.security.user.saml.http.client.truststore.strategy=JDK
> nifi.security.user.saml.http.client.connect.timeout=30 secs
> nifi.security.user.saml.http.client.read.timeout=30 secs
>
> We tried to add this same code in the "nifi-registry.properties" file but
> nothing happened, even if we change "nifi.security...." to
> "nifi.registry.security....".
>
> On the IDP side, we tried to use the same endpoint:
> /nifi-api/access/saml/login/consumer
> We even tried by using a fictive endpoint:
> /nifi-registry-api/access/saml/login/consumer
>
> I look forward to your reply,
> Regards,
> Franck NÉDELLEC
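As an added example, not code from this thread or from the NiFi project: a small check that parses a nifi-registry.properties file and flags SAML keys, which NiFi Registry does not support and so silently ignores, as happened above. It handles both the `=` and `:` separators that Java properties files allow (the quoted idp.metadata.url line uses `:`). The OIDC property name used to report whether OIDC is configured instead is an assumption, not taken from the thread.

```python
# Added example: lint a nifi-registry.properties file for SAML keys that
# NiFi Registry does not support (they are silently ignored, per the thread).
import re

# Prefixes the thread shows being tried in nifi-registry.properties; neither is honoured there.
UNSUPPORTED_PREFIXES = ("nifi.security.user.saml.", "nifi.registry.security.user.saml.")
# Assumed NiFi Registry OIDC property name (not stated in the thread).
OIDC_DISCOVERY_KEY = "nifi.registry.security.user.oidc.discovery.url"

# Java .properties: key, then an optional '=' or ':' separator, then the value.
_KV = re.compile(r"^\s*([^=:\s]+)\s*[=:]?\s*(.*)$")


def parse_properties(text):
    """Parse Java .properties text into a dict; '=' and ':' both separate key and value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank lines and comments
            continue
        m = _KV.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def check_registry_properties(text):
    """Return (ignored_saml_keys, oidc_configured) for a nifi-registry.properties file."""
    props = parse_properties(text)
    ignored = sorted(k for k in props if k.startswith(UNSUPPORTED_PREFIXES))
    oidc_configured = bool(props.get(OIDC_DISCOVERY_KEY))
    return ignored, oidc_configured


# Constructed sample mirroring the thread: SAML keys copied over, no OIDC configured.
SAMPLE = """\
# SAML Properties #
nifi.registry.security.user.saml.idp.metadata.url:https://idp.example.test/metadata
nifi.registry.security.user.saml.sp.entity.id=com:example:nifi-registry
nifi.registry.security.user.saml.want.assertions.signed=true
nifi.registry.web.https.port=18443
"""

if __name__ == "__main__":
    ignored, oidc = check_registry_properties(SAMPLE)
    for key in ignored:
        print(f"ignored by NiFi Registry (no SAML support): {key}")
    print("OIDC configured:", oidc)
```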