Also available as:
loading table of contents...

Configuring NiFi for Knox Authentication

After you install NiFi, you must update the NiFi configurations in Apache Ambari.


We recommend that NiFi is installed on a different host than Knox.

  1. In Advanced nifi-ambari-ssl-config, the Initial Admin Identity value must specify a user that Apache Knox can authenticate.

  2. In Advanced nifi-ambari-ssl-config, add a node identity for the Knox node:

    • <property name="Node Identity 1">CN=$NIFI_HOSTNAME, OU=NIFI</property>

    • <property name="Node Identity 2">CN=$NIFI_HOSTNAME, OU=NIFI</property>

    • <property name="Node Identity 3">CN=$NIFI_HOSTNAME, OU=NIFI</property>

    • <property name="Node Identity 4">CN=$KNOX_HOSTNAME, OU=KNOX</property>

  3. Update the nifi.web.proxy.context.path field in Advanced nifi-properties:


    $GATEWAY_CONTEXT is the value in the Advanced gateway-site gateway.path field in the Ambari Configs for Knox.

  4. If you are deploying in a container or cloud environment, update the property with a comma-separated list of the host name and port for each Knox node.