Re: NIFI Registry SAML

Wed, 15 Jan 2025 07:40:25 -0800 

Hello,

Yes there was a response to this already...

https://lists.apache.org/thread/wh5wd1o6or0t9zhf5mfg1jgrw0nn88qq

Please make sure you have subscribed to the list to see responses.

Thank you,

Bryan

On Wed, Jan 15, 2025 at 8:27 AM NEDELLEC Franck
<fnedellec.exte...@altima-assurances.fr> wrote:
>
> Hello,
>
> Did you see my previous mail regarding SAML on Nifi Registry ?
>
> Regards,
> Franck NÉDELLEC
>
> ________________________________
> De : NEDELLEC Franck <fnedellec.exte...@altima-assurances.fr>
> Envoyé : vendredi 3 janvier 2025 14:59
> À : dev@nifi.apache.org <dev@nifi.apache.org>
> Objet : NIFI Registry SAML
>
> Hello,
>
> We are working with Nifi and Nifi Registry. We recently configure SAML for 
> Nifi successfully but we can't did the same for Nifi Registry.
> There is no mention of SAML into the Nifi Registry documentation and there is 
> no result if we try anyway to use the same configuration.
>
> Can you say me if SAML does exist for Nifi Registry or not ? And if not, why 
> please?
>
> Here is what we used for our Nifi:
>
> # SAML Properties #
> nifi.security.user.saml.idp.metadata.url:https://our_subdomain_idp.our_domain:9031/pf/federation_metadata.ping?PartnerSpId=com:xxxxx:nifi:xxx
> nifi.security.user.saml.sp.entity.id=com:xxxxx:nifi:xxx
> nifi.security.user.saml.identity.attribute.name=uid
> nifi.security.user.saml.group.attribute.name=memberOf
> nifi.security.user.saml.request.signing.enabled=false
> nifi.security.user.saml.want.assertions.signed=true
> nifi.security.user.saml.signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> nifi.security.user.saml.authentication.expiration=12 hours
> nifi.security.user.saml.single.logout.enabled=false
> nifi.security.user.saml.http.client.truststore.strategy=JDK
> nifi.security.user.saml.http.client.connect.timeout=30 secs
> nifi.security.user.saml.http.client.read.timeout=30 secs
>
> We tried to add this same code in the "nifi-registry.properties" file but 
> nothing happend, even if we change "nifi.security...." by 
> "nifi.registry.security...."..
>
> By IDP side, we tried to used the same endpoint: 
> /nifi-api/access/saml/login/consumer
> We even tried by using a fictive endpoint: 
> /nifi-registry-api/access/saml/login/consumer
>
> I look forward to your reply,
> Regards,
> Franck NÉDELLEC

Reply via email to