Login Identity Provider

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Login Identity Provider

Jamie Wang
Hi,

In NiFi 1.4.0, I see login for LDAP and Kerberos are supported. I am integrating nifi as part of our systems of products to interoperable with each other. We want to use our product's built-in login facility as the authentication mechanism.  Since LoginIdentityProvider is a pluggable component, is there any API support for us to develop our own pluggable LoginIdentifyProvider? If so, is there any example or how do I proceed with this? Appreciate any input or pointers you may have.

p.s. Sometimes ago, I asked the group if anyone had load the Nifi into their own process and I didn't get any answer. I assumed no one tried.... Anyway, it is possible to load nifi into your own process and we have done that. The login is one another thing we want to integrate with our product.

Thanks.
Jamie
Reply | Threaded
Open this post in threaded view
|

Re: Login Identity Provider

Bryan Bende
Jamie,

You can definitely implement your own LoginIdentityProvider...

It should work just like any other extension point, meaning you build
a NAR with your extension in it and drop it in the lib directory.

We don't have an archetype for this, but you could probably start with
the processor archetype and then rename the services file in META-INF
accordingly, and change the example processor to a
LoginIdentityProvider.

After that you drop your NAR into the lib directory, add your config
section to login-identity-providers.xml, and reference the id in
nifi.properties, just like any of the others.

The LDAP and Kerberos providers both are setup like this so you can
take a look at their code:

https://github.com/apache/nifi/tree/master/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle
https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/resources/META-INF/services/org.apache.nifi.authentication.LoginIdentityProvider
https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java

Thanks,

Bryan


On Tue, Nov 14, 2017 at 4:10 PM, Jamie Wang <[hidden email]> wrote:
> Hi,
>
> In NiFi 1.4.0, I see login for LDAP and Kerberos are supported. I am integrating nifi as part of our systems of products to interoperable with each other. We want to use our product's built-in login facility as the authentication mechanism.  Since LoginIdentityProvider is a pluggable component, is there any API support for us to develop our own pluggable LoginIdentifyProvider? If so, is there any example or how do I proceed with this? Appreciate any input or pointers you may have.
>
> p.s. Sometimes ago, I asked the group if anyone had load the Nifi into their own process and I didn't get any answer. I assumed no one tried.... Anyway, it is possible to load nifi into your own process and we have done that. The login is one another thing we want to integrate with our product.
>
> Thanks.
> Jamie
Reply | Threaded
Open this post in threaded view
|

RE: [EXTERNAL] - Re: Login Identity Provider

Jamie Wang
Thank you Bryan. Appreciate it.

-----Original Message-----
From: Bryan Bende [mailto:[hidden email]]
Sent: Tuesday, November 14, 2017 1:35 PM
To: [hidden email]
Subject: [EXTERNAL] - Re: Login Identity Provider

Jamie,

You can definitely implement your own LoginIdentityProvider...

It should work just like any other extension point, meaning you build a NAR with your extension in it and drop it in the lib directory.

We don't have an archetype for this, but you could probably start with the processor archetype and then rename the services file in META-INF accordingly, and change the example processor to a LoginIdentityProvider.

After that you drop your NAR into the lib directory, add your config section to login-identity-providers.xml, and reference the id in nifi.properties, just like any of the others.

The LDAP and Kerberos providers both are setup like this so you can take a look at their code:

https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_nifi_tree_master_nifi-2Dnar-2Dbundles_nifi-2Dldap-2Diaa-2Dproviders-2Dbundle&d=DwIFaQ&c=ZgVRmm3mf2P1-XDAyDsu4A&r=TauVD_Op4rvIkArzdRrvTf-yuf4tmnM8R0LshdIDMbA&m=FyJ2KM0rSEFy5gh3iqIKRrtrHSMJ-PIf26eIrwqCGqY&s=-6LiVAO49CckQqrCCrlPqF7iR96DptS2uZWAkPq5Znw&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_nifi_blob_master_nifi-2Dnar-2Dbundles_nifi-2Dldap-2Diaa-2Dproviders-2Dbundle_nifi-2Dldap-2Diaa-2Dproviders_src_main_resources_META-2DINF_services_org.apache.nifi.authentication.LoginIdentityProvider&d=DwIFaQ&c=ZgVRmm3mf2P1-XDAyDsu4A&r=TauVD_Op4rvIkArzdRrvTf-yuf4tmnM8R0LshdIDMbA&m=FyJ2KM0rSEFy5gh3iqIKRrtrHSMJ-PIf26eIrwqCGqY&s=qODzc1nWLvrc3v726ruDUpntW7Yd7E5Iv1_Bpc-e4NY&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_nifi_blob_master_nifi-2Dnar-2Dbundles_nifi-2Dldap-2Diaa-2Dproviders-2Dbundle_nifi-2Dldap-2Diaa-2Dproviders_src_main_java_org_apache_nifi_ldap_LdapProvider.java&d=DwIFaQ&c=ZgVRmm3mf2P1-XDAyDsu4A&r=TauVD_Op4rvIkArzdRrvTf-yuf4tmnM8R0LshdIDMbA&m=FyJ2KM0rSEFy5gh3iqIKRrtrHSMJ-PIf26eIrwqCGqY&s=7VdbMbZ4_lmPHiy93uA5B9cCWp3oG5Ew0mDswk0Pv5c&e=

Thanks,

Bryan


On Tue, Nov 14, 2017 at 4:10 PM, Jamie Wang <[hidden email]> wrote:
> Hi,
>
> In NiFi 1.4.0, I see login for LDAP and Kerberos are supported. I am integrating nifi as part of our systems of products to interoperable with each other. We want to use our product's built-in login facility as the authentication mechanism.  Since LoginIdentityProvider is a pluggable component, is there any API support for us to develop our own pluggable LoginIdentifyProvider? If so, is there any example or how do I proceed with this? Appreciate any input or pointers you may have.
>
> p.s. Sometimes ago, I asked the group if anyone had load the Nifi into their own process and I didn't get any answer. I assumed no one tried.... Anyway, it is possible to load nifi into your own process and we have done that. The login is one another thing we want to integrate with our product.
>
> Thanks.
> Jamie