Configuring NiFi Authentication and Proxying with Apache Knox
Also available as:
PDF

Configuring NiFi for Knox Authentication

After you install NiFi, you must update the NiFi configurations in Apache Ambari.

Important
Important

We recommend that NiFi is installed on a different host than Knox.

  1. In Advanced nifi-ambari-ssl-config, the Initial Admin Identity value must specify a user that Apache Knox can authenticate.
  2. In Advanced nifi-ambari-ssl-config, add a node identity for the Knox node:
    • <property name="Node Identity 1">CN=$NIFI_HOSTNAME, OU=NIFI</property>

    • <property name="Node Identity 2">CN=$NIFI_HOSTNAME, OU=NIFI</property>

    • <property name="Node Identity 3">CN=$NIFI_HOSTNAME, OU=NIFI</property>

    • <property name="Node Identity 4">CN=$KNOX_HOSTNAME, OU=KNOX</property>

  3. Update the nifi.web.proxy.context.path property in Advanced nifi-properties:
    nifi.web.proxy.context.path=/$GATEWAY_CONTEXT/flow-management/nifi-app

    $GATEWAY_CONTEXT is the value in the Advanced gateway-site gateway.path field in the Ambari Configs for Knox.

  4. Update the nifi.web.proxy.host property in Advanced nifi-properties with a comma-separated list of the host name and port for each Knox host, if you are deploying in a container or cloud environment.

    For example:

    knox-host1:18443, knox-host2:443