Manually configuring SSO (OIDC) for NiFi

This topic describes how to manually configure SSO (OIDC) for NiFi.

About this task

You must manually configure SSO (OIDC) for NiFi when a non-administrative user starts NiFi. To configure SSO (OIDC), a cluster admin user must first retrieve the cluster SSO configuration and then update the NiFi configuration file nifi.properties.

Procedure

  1. As a cluster admin user, run the maprcli cluster getssoconf command to retrieve the SSO configuration values. For example:
    maprcli cluster getssoconf
    clientid    clientsecret                      providername  issuerendpoint
    edf-client  FWIx44ym9kBmeR3XkSPPfLsCPQQ3sNMo  keycloak      https://<IP_address>:6443/realms/master
  2. Update the NiFi configuration file nifi.properties with the SSO configuration values retrieved by running the maprcli cluster getssoconf command.
    • Set the property nifi.security.user.oidc.client.id to clientid.

    • Set the property nifi.security.user.oidc.client.secret to clientsecret.

    • Set the property nifi.security.user.oidc.discovery.url to issuerendpoint and append /.well-known/openid-configuration.

    For example:
    nifi.security.user.oidc.client.id=edf-client
    nifi.security.user.oidc.client.secret=FWIx44ym9kBmeR3XkSPPfLsCPQQ3sNMo
    nifi.security.user.oidc.discovery.url=https://<IP_address>:6443/realms/master/.well-known/openid-configuration

    You can now start NiFi as a non-administrative user with SSO (OIDC).
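
Steps 1 and 2 as a script, added here as an example and not taken from the product documentation. The helper names ssoconf_to_props and apply_props are hypothetical, the sample values are constructed, and the table layout is assumed to match the getssoconf output shown above.

```shell
#!/bin/sh
# Added example, not vendor code: getssoconf table -> nifi.properties entries.

# Constructed sample in the layout shown above; the secret is a placeholder.
SAMPLE_SSOCONF='clientid    clientsecret        providername  issuerendpoint
edf-client  EXAMPLE-SECRET-123  keycloak      https://idp.example.test:6443/realms/master/'

# Read the getssoconf table on stdin and print the three NiFi OIDC properties.
# Columns are located by header name; a missing column or row fails closed.
ssoconf_to_props() {
  awk '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i
              if (!(("clientid" in col) && ("clientsecret" in col) && ("issuerendpoint" in col))) { bad = 1; exit }
              next }
    NR == 2 { id = $(col["clientid"]); secret = $(col["clientsecret"])
              iss = $(col["issuerendpoint"]); seen = 1 }
    END {
      sub(/\/+$/, "", iss)                    # avoid a double slash in the URL
      if (bad || !seen || id == "" || secret == "") exit 1
      if (iss !~ /^https:\/\//) exit 1        # reject a non-TLS issuer endpoint
      printf "nifi.security.user.oidc.client.id=%s\n", id
      printf "nifi.security.user.oidc.client.secret=%s\n", secret
      printf "nifi.security.user.oidc.discovery.url=%s/.well-known/openid-configuration\n", iss
    }'
}

# Merge key=value lines from stdin into the properties file $1: existing keys
# are replaced in place, missing keys are appended, other lines are kept.
apply_props() {
  file=$1; props=$(cat)
  [ -n "$props" ] && [ -f "$file" ] || return 1   # nothing to apply: leave file alone
  tmp=$(mktemp) || return 1                       # mktemp creates the file with mode 0600
  # The secret is passed through the environment, not argv or -v (no escape processing).
  PROPS="$props" awk -F= '
    BEGIN { n = split(ENVIRON["PROPS"], line, "\n")
            for (i = 1; i <= n; i++) { split(line[i], kv, "="); key[i] = kv[1]; val[kv[1]] = line[i] } }
    ($1 in val) { if (!($1 in seen)) print val[$1]; seen[$1] = 1; next }
    { print }
    END { for (i = 1; i <= n; i++) if (!(key[i] in seen)) print val[key[i]] }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"      # cat keeps the owner and mode of $file
  rc=$?; rm -f "$tmp"; return $rc
}

# Usage, as the cluster admin user:
#   maprcli cluster getssoconf | ssoconf_to_props | apply_props <path_to>/nifi.properties
```

After the update, nifi.properties contains the OIDC client secret, so keep the file readable only by the account that runs NiFi.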