mirror of https://github.com/apache/nifi.git
NIFI-655:
- Pre-populating the login-identity-providers.xml file with necessary properties and documentation. - Renaming the Authentication Duration property name.
parent
91573cb807
commit
e61a369089
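--- a/login-identity-providers.xml
+++ b/login-identity-providers.xml
@@ -19,4 +19,74 @@
 must be specified in the nifi.properties file.
 -->
 <loginIdentityProviders>
+<!--
+Identity Provider for users logging in with username/password against an LDAP server.
+
+'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
+values are ANONYMOUS, SIMPLE, or START_TLS.
+
+'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
+'Manager Password' - The password of the manager that is used to bind to the LDAP server to
+search for users.
+
+'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using START_TLS.
+'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
+using START_TLS.
+'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
+START_TLS (i.e. JKS or PKCS12).
+'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using START_TLS.
+'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
+LDAP using START_TLS.
+'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
+START_TLS (i.e. JKS or PKCS12).
+'TLS - Client Auth' - Client authentication policy when connecting to LDAP using START_TLS.
+Possible values are REQUIRED, WANT, NONE.
+'TLS - Protocol' - Protocol to use when connecting to LDAP using START_TLS. (i.e. TLS,
+TLSv1.1, TLSv1.2, etc).
+'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
+before the target context is closed. Defaults to false.
+
+'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
+'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
+'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
+
+'Url' - Url of the LDAP servier (i.e. ldap://<hostname>:<port>).
+'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
+'User Search Filter' - Filter for searching for users against the 'User Search Base'.
+(i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
+
+'Authentication Expiration' - The duration of how long the user authentication is valid
+for. If the user never logs out, they will be required to log back in following
+this duration.
+-->
+<!-- To enable the ldap-provider remove 2 lines. This is 1 of 2.
+<provider>
+<identifier>ldap-provider</identifier>
+<class>org.apache.nifi.ldap.LdapProvider</class>
+<property name="Authentication Strategy">START_TLS</property>
+
+<property name="Manager DN"></property>
+<property name="Manager Password"></property>
+
+<property name="TLS - Keystore"></property>
+<property name="TLS - Keystore Password"></property>
+<property name="TLS - Keystore Type"></property>
+<property name="TLS - Truststore"></property>
+<property name="TLS - Truststore Password"></property>
+<property name="TLS - Truststore Type"></property>
+<property name="TLS - Client Auth"></property>
+<property name="TLS - Protocol"></property>
+<property name="TLS - Shutdown Gracefully"></property>
+
+<property name="Referral Strategy">FOLLOW</property>
+<property name="Connect Timeout">10 secs</property>
+<property name="Read Timeout">10 secs</property>
+
+<property name="Url"></property>
+<property name="User Search Base"></property>
+<property name="User Search Filter"></property>
+
+<property name="Expiration Duration">1 day</property>
+</provider>
+To enable the ldap-provider remove 2 lines. This is 2 of 2. -->
 </loginIdentityProviders>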
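Review bot: The commented-out template sets `<property name="Expiration Duration">1 day</property>`, but the documentation block above it calls the property 'Authentication Expiration', and the LdapProvider hunk on this page appears to read `configurationContext.getProperty("Authentication Expiration")`; an operator who uncomments the provider as shipped would then fail with "The Authentication Expiration must be specified." The template line should read `<property name="Authentication Expiration">1 day</property>`. Separately, the 'Authentication Strategy' text lists ANONYMOUS, SIMPLE and START_TLS without saying that a SIMPLE bind against an `ldap://` Url sends the Manager Password and each user's password unencrypted; a sentence such as `SIMPLE and ANONYMOUS do not encrypt the connection; prefer START_TLS.` would make the secure choice explicit. Because this file will hold the Manager Password and the keystore/truststore passwords in plain text, the comment should also remind operators to restrict read access to it.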
@ -75,9 +75,9 @@ public class LdapProvider implements LoginIdentityProvider {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
|
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
|
||||||
final String rawExpiration = configurationContext.getProperty("Expiration Duration");
|
final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
|
||||||
if (StringUtils.isBlank(rawExpiration)) {
|
if (StringUtils.isBlank(rawExpiration)) {
|
||||||
throw new ProviderCreationException("The Expiration Duration must be specified.");
|
throw new ProviderCreationException("The Authentication Expiration must be specified.");
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
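Review bot: The property name is spelled out as two independent string literals, once in `getProperty("Authentication Expiration")` and once in the exception message, and the XML template on this page still uses the older `Expiration Duration` name, so these strings have already drifted apart once. This reading assumes the second line of each printed pair is the new side, since the +/- markers are lost in this rendering. A single constant such as `private static final String AUTHENTICATION_EXPIRATION = "Authentication Expiration";`, used for both the lookup and the message, would keep them in step. onConfigured continues past the end of the hunk, so how rawExpiration is parsed and bounded inside the `try` cannot be checked from here.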