Security
Also available as:
PDF
loading table of contents...

(Optional) Setting Up Identity Mapping

About This Task

You can use identity mapping properties to normalize user identities. Once you set up identity mapping, NiFi treats identities authenticated by different identity providers (certificates, LDAP, Kerberos) the same. This allows you to avoid creating duplicate users. Additionally, you only need to set up user-specific configurations such as authorizations once per user.

Steps

  1. From the NiFi service Configs tab, click Advanced nifi-properties.

  2. Use the Filter box to search for nifi.security.identity.mapping.pattern.

  3. Enter the following values:

    Table 2.1. Identity mapping values

    FieldSample value
    nifi.security.identity.mapping.pattern.dn^CN=(.*?), OU=(.*?)$
    nifi.security.identity.mapping.value.dn$1@$2
    nifi.security.identity.mapping.pattern.kerb^(.*?)/instance@(.*?)$
    nifi.security.identity.mapping.value.kerb$1@$2

  4. Click Save.

  5. Restart NiFi using the Restart all Required option from the Action menu.

Example

The following examples demonstrate normalizing DNs from certificates and principals from Kerberos:

nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
nifi.security.identity.mapping.value.dn=$1@$2
nifi.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
nifi.security.identity.mapping.value.kerb=$1@$2