michalklempa / docker-nifi-registry

Unofficial Docker Image For NiFi Registry
Apache License 2.0

Username and password login is asked though I don't provide "nifi.registry.security.identity.provider" #17

Closed Sanjanare closed 4 years ago

Sanjanare commented 5 years ago

Hi,

I am able to get the nifi-registry working on https by following:

FROM michalklempa/nifi-registry
COPY ./certs/*.jks /opt/certs/

ENV NIFI_REGISTRY_SECURITY_KEYSTORE=/opt/certs/keystore.jks \
        NIFI_REGISTRY_SECURITY_KEYSTOREtYPE=JKS \
        NIFI_REGISTRY_SECURITY_KEYSTOREpASSWD=***********  \
        NIFI_REGISTRY_SECURITY_TRUSTSTORE=/opt/certs/truststore.jks \
        NIFI_REGISTRY_SECURITY_TRUSTSTOREtYPE=JKS \
        NIFI_REGISTRY_SECURITY_TRUSTSTOREpASSWD=***** \
        NIFI_REGISTRY_SECURITY_NEEDcLIENTaUTH=false \
        NIFI_REGISTRY_WEB_HTTP_HOST= \
        NIFI_REGISTRY_WEB_HTTP_PORT= \
        NIFI_REGISTRY_WEB_HTTPS_HOST= \
        NIFI_REGISTRY_WEB_HTTPS_PORT=18443 \
        INITIAL_ADMIN_IDENTITY=CN=ArborMetrix,OU=DevOps

Later this UI link https://amis.arbormetrix.com/nifi-registry/ redirects to https://amis.arbormetrix.com/nifi-registry/login/ and asks for username and password.

Not sure what's going on. I later tried providing LDAP identity, but it does not display the properties settings at the top right in the UI.

michalklempa commented 5 years ago

Not sure too. Are you running behind some reverse proxy or plain nifi-registry? Since I can't seem to find :18443 port in your URL:

https://amis.arbormetrix.com:18443/nifi-registry/

I am currently running nifi-registry without HTTPS (SSL is handled using nginx reverse proxy, see my blog post https://michalklempa.com/2019/04/nifi-registry-nginx-proxy-tls-basic-auth/).

Sanjanare commented 4 years ago

@michalklempa we are using Istio reverse proxy, that's why we are not giving the port. We want registry to work on https without providing any identity provider, but it is weird that it forwards to the login page by just enabling https.

michalklempa commented 4 years ago

I think that's the behavior of registry; try asking at the NiFi forums/mailing list.

Nevertheless, when using a proxy to shield from the outside world, you may consider your internal network secure enough to run Registry without SSL between proxy and registry.

On Mon, Sep 16, 2019, 21:56 Sanjanare notifications@github.com wrote:

@michalklempa https://github.com/michalklempa we are using Istio reverse proxy, that's why we are not giving the port. We want registry to work on https without providing any identity provider, but it is weird that it forwards to the login page by just enabling https.


Sanjanare commented 4 years ago

@michalklempa thanks for the help, found these:

  1. Registry < 0.5.0 does not have one-way anonymous authentication.
  2. I provided the LDAP and it worked.

michalklempa commented 4 years ago

There is a Docker image for 0.5.0 out: https://hub.docker.com/r/michalklempa/nifi-registry/tags

michalklempa commented 4 years ago

@Sanjanare may we close this issue?