A secured instance of NiFi Registry cannot be accessed anonymously, so a method of user authentication must be configured.
NiFi Registry does not perform user authentication over HTTP. Using HTTP, all users will have full permissions.
Any secured instance of NiFi Registry supports authentication via client certificates that are trusted by the NiFi Registry's SSL Context Truststore. Alternatively, a secured NiFi Registry can be configured to authenticate users via username/password.
Username/password authentication is performed by an 'Identity Provider'. The Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Identity Provider to use is configured in the nifi-registry.properties file. Currently NiFi Registry offers Identity Providers for LDAP and Kerberos.
Identity Providers are configured using two properties in the 'nifi-registry.properties' file:
nifi.registry.security.identity.providers.configuration.fileproperty specifies the configuration file where identity providers are defined. By default, the 'identity-providers.xml' file located in the root installation conf directory is selected.
nifi.registry.security.identity.providerproperty indicates which of the configured identity providers in the 'identity-providers.xml' file to use. By default, this property is not configured meaning that username/password must be explicitly enabled.
NiFi Registry can only be configured to use one Identity Provider at a given time.