Manually configuring SSO (OIDC) for NiFi
This topic describes how to manually configure SSO (OIDC) for NiFi.
About this task
You must manually configure SSO (OIDC) for NiFi when a non-administrative user starts
NiFi. In order to configure SSO (OIDC), a cluster admin user must first retrieve the
cluster SSO configuration and then update the NiFi configuration file nifi.properties.
Procedure
- As a cluster admin user, run the maprcli cluster getssoconf command to retrieve the SSO configuration values. For example:

    maprcli cluster getssoconf
    clientid    clientsecret                      providername  issuerendpoint
    edf-client  FWIx44ym9kBmeR3XkSPPfLsCPQQ3sNMo  keycloak      https://<IP_address>:6443/realms/master

- Update the NiFi configuration file nifi.properties with the SSO configuration values retrieved from running the maprcli cluster getssoconf command.
  - Set the property nifi.security.user.oidc.client.id to clientid.
  - Set the property nifi.security.user.oidc.client.secret to clientsecret.
  - Set the property nifi.security.user.oidc.discovery.url to issuerendpoint and append /.well-known/openid-configuration.
  For example:

    nifi.security.user.oidc.client.id=edf-client
    nifi.security.user.oidc.client.secret=FWIx44ym9kBmeR3XkSPPfLsCPQQ3sNMo
    nifi.security.user.oidc.discovery.url=https://<IP_address>:6443/realms/master/.well-known/openid-configuration

You can now start NiFi as a non-administrative user with SSO (OIDC).
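
The two steps above can be scripted so that the values are copied without retyping. The following is an added example, not part of the product documentation: the function names are hypothetical, it assumes the two-line header and value layout shown in the example output, and it adds a check that rejects an issuer endpoint that is not https.

```shell
#!/bin/sh
# Added example: apply `maprcli cluster getssoconf` output to nifi.properties.
# Assumes the two-line layout shown above (header row, value row) with no
# whitespace inside values.

# Print the value under column $1, reading the command output on stdin.
ssoconf_field() {
  awk -v want="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) if ($i == want) col = i; next }
    NR == 2 && col { print $col; found = 1 }
    END { exit !found }'
}

# Set key $2 to value $3 in file $1: rewrite the line if present, else append.
# Values go through ENVIRON so awk does not interpret backslashes in the secret.
set_prop() (
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  K=$2 V=$3 awk '
    index($0, ENVIRON["K"] "=") == 1 { print ENVIRON["K"] "=" ENVIRON["V"]; seen = 1; next }
    { print }
    END { if (!seen) print ENVIRON["K"] "=" ENVIRON["V"] }' "$1" > "$tmp" &&
  cat "$tmp" > "$1"   # overwrite in place so owner and mode are preserved
)

# Usage: maprcli cluster getssoconf | apply_ssoconf /path/to/nifi.properties
apply_ssoconf() (
  props=$1
  conf=$(cat)   # read the command output once; the secret is not passed as an argument
  id=$(printf '%s\n' "$conf" | ssoconf_field clientid) &&
  secret=$(printf '%s\n' "$conf" | ssoconf_field clientsecret) &&
  issuer=$(printf '%s\n' "$conf" | ssoconf_field issuerendpoint) ||
    { echo "getssoconf output is missing an expected column" >&2; exit 1; }
  case $issuer in
    https://*) ;;
    *) echo "issuer endpoint is not https: $issuer" >&2; exit 1 ;;
  esac
  p=nifi.security.user.oidc
  set_prop "$props" "$p.client.id" "$id" &&
  set_prop "$props" "$p.client.secret" "$secret" &&
  set_prop "$props" "$p.discovery.url" "${issuer%/}/.well-known/openid-configuration"
)
```

After the update, nifi.properties contains the OIDC client secret, so check that the file is readable only by the account that runs NiFi.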