Hi,

Thanks for your fast reply and the consistency of this one.
Sorry about my last mail, that was my first time posting a mail to dev@nifi.apache.org (mail address which I found in the NiFi documentation) and I wasn't aware of this list mechanic, I was waiting for a mail, my bad.

Regards,
Franck

________________________________
From: Bryan Bende <bbe...@gmail.com>
Sent: Wednesday, January 15, 2025 16:39
To: dev@nifi.apache.org <dev@nifi.apache.org>; NEDELLEC Franck <fnedellec.exte...@altima-assurances.fr>
Subject: Re: NIFI Registry SAML

Hello,

Yes there was a response to this already...

https://lists.apache.org/thread/wh5wd1o6or0t9zhf5mfg1jgrw0nn88qq

Please make sure you have subscribed to the list to see responses.

Thank you,
Bryan

On Wed, Jan 15, 2025 at 8:27 AM NEDELLEC Franck <fnedellec.exte...@altima-assurances.fr> wrote:
>
> Hello,
>
> Did you see my previous mail regarding SAML on Nifi Registry?
>
> Regards,
> Franck NÉDELLEC
>
> ________________________________
> From: NEDELLEC Franck <fnedellec.exte...@altima-assurances.fr>
> Sent: Friday, January 3, 2025 14:59
> To: dev@nifi.apache.org <dev@nifi.apache.org>
> Subject: NIFI Registry SAML
>
> Hello,
>
> We are working with Nifi and Nifi Registry. We recently configured SAML for
> Nifi successfully but we can't do the same for Nifi Registry.
> There is no mention of SAML in the Nifi Registry documentation and there is
> no result if we try anyway to use the same configuration.
>
> Can you tell me if SAML exists for Nifi Registry or not? And if not, why,
> please?
>
> Here is what we used for our Nifi:
>
> # SAML Properties #
> nifi.security.user.saml.idp.metadata.url:https://our_subdomain_idp.our_domain:9031/pf/federation_metadata.ping?PartnerSpId=com:xxxxx:nifi:xxx
> nifi.security.user.saml.sp.entity.id=com:xxxxx:nifi:xxx
> nifi.security.user.saml.identity.attribute.name=uid
> nifi.security.user.saml.group.attribute.name=memberOf
> nifi.security.user.saml.request.signing.enabled=false
> nifi.security.user.saml.want.assertions.signed=true
> nifi.security.user.saml.signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> nifi.security.user.saml.authentication.expiration=12 hours
> nifi.security.user.saml.single.logout.enabled=false
> nifi.security.user.saml.http.client.truststore.strategy=JDK
> nifi.security.user.saml.http.client.connect.timeout=30 secs
> nifi.security.user.saml.http.client.read.timeout=30 secs
>
> We tried to add this same code in the "nifi-registry.properties" file but
> nothing happened, even if we change "nifi.security...." to
> "nifi.registry.security....".
>
> On the IDP side, we tried to use the same endpoint:
> /nifi-api/access/saml/login/consumer
> We even tried using a fictive endpoint:
> /nifi-registry-api/access/saml/login/consumer
>
> I look forward to your reply,
> Regards,
> Franck NÉDELLEC