Configuring NiFi for Knox Authentication
After you install NiFi, you must update the NiFi configurations in Apache Ambari.
![[Important]](../common/images/admon/important.png) | Important |
|---|---|
We recommend that NiFi is installed on a different host than Knox. |
In Advanced nifi-ambari-ssl-config, the Initial Admin Identity value must specify a user that Apache Knox can authenticate.
In Advanced nifi-ambari-ssl-config, add a node identity for the Knox node:
<property name="Node Identity 1">CN=$NIFI_HOSTNAME, OU=NIFI</property>
<property name="Node Identity 2">CN=$NIFI_HOSTNAME, OU=NIFI</property>
<property name="Node Identity 3">CN=$NIFI_HOSTNAME, OU=NIFI</property>
<property name="Node Identity 4">CN=$KNOX_HOSTNAME, OU=KNOX</property>
Update the nifi.web.proxy.context.path field in Advanced nifi-properties:
nifi.web.proxy.context.path=$GATEWAY_CONTEXT/flow-management/nifi-app
$GATEWAY_CONTEXTis the value in the Advanced gateway-site gateway.path field in the Ambari Configs for Knox.If you are deploying in a container or cloud environment, update the nifi.web.proxy.host property with a comma-separated list of the host name and port for each Knox node.