{"id":19427747,"url":"https://github.com/zeroae/nifi-cognito-bundle","last_synced_at":"2025-10-27T12:10:15.664Z","repository":{"id":50392280,"uuid":"480108703","full_name":"zeroae/nifi-cognito-bundle","owner":"zeroae","description":"NiFi Authorization Extension using AWS Cognito","archived":false,"fork":false,"pushed_at":"2022-08-11T18:20:45.000Z","size":131,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-01-07T19:43:54.793Z","etag":null,"topics":["cognito","nifi","nifi-registry"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zeroae.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-10T18:44:09.000Z","updated_at":"2022-05-03T11:32:23.000Z","dependencies_parsed_at":"2022-09-19T10:20:34.472Z","dependency_job_id":null,"html_url":"https://github.com/zeroae/nifi-cognito-bundle","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroae%2Fnifi-cognito-bundle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroae%2Fnifi-cognito-bundle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroae%2Fnifi-cognito-bundle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroae%2Fnifi-cognito-bundle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zeroae","download_url":"https://codeload.github.com/zeroae/nifi-cognito-bundle/tar.gz/refs/heads/main","host":{"name":"Gi
tHub","url":"https://github.com","kind":"github","repositories_count":240607621,"owners_count":19828270,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cognito","nifi","nifi-registry"],"created_at":"2024-11-10T14:12:46.423Z","updated_at":"2025-10-27T12:10:10.613Z","avatar_url":"https://github.com/zeroae.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nifi-cognito-bundle\nNiFi Authorization Extension using AWS Cognito\n\n## Build/Install Instructions\n1. Ensure you have AWS Credentials available\n    ```\n    mvn clean install\n    ```\n2. The binaries are located in `nifi-cognito-nar/target` and `nifi-registry-cognito-assembly`\n\n## Usage\n1. Add new `userGroupProvider` and `accessPolicyProvider` elements to `authorizers.xml`.\n    ```xml\n    \u003cauthorizers\u003e\n        \u003c!-- \n            The CognitoUserGroupProvider provides User and Group Management backed by AWS Cognito.\n   \n            - AWS Credentials File - The file where AWS Credentials can be found. 
If not defined it will use the standard \n                AWS credentials provider path.\n   \n            - User Pool - The Cognito User Pool Id where to store the Users and Groups\n   \n            - Add User \u003cuser-uuid\u003e - The identity of an initial user to populate the backend.\n                NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the user identity,\n                so the value should be the unmapped identity.\n           \n            - Add Group \u003cgroup-uuid\u003e - The identity of an initial group to populate the backend.\n                NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the group identity,\n                so the value should be the unmapped identity.\n   \n            - Add Users To Group \u003cgroup-uuid\u003e - A comma separated list of user identifiers to add to the given group.\n                NOTE: The User Ids *must* be one of the 'Add User \u003cuser-uuid\u003e' entries.\n        --\u003e\n        \u003cuserGroupProvider\u003e\n            \u003cidentifier\u003ecognito-configurable-user-group-provider\u003c/identifier\u003e\n            \u003cclass\u003eco.zeroae.nifi.authorization.cognito.CognitoUserGroupProvider\u003c/class\u003e\n            \u003c!-- Use this class for the NiFi Registry\n            \u003cclass\u003eco.zeroae.nifi.registry.authorization.cognito.CognitoUserGroupProvider\u003c/class\u003e\n            --\u003e\n            \u003cproperty name=\"AWS Credentials File\"\u003e./conf/bootstrap-aws.conf\u003c/property\u003e\n            \u003cproperty name=\"User Pool\"\u003eus-east-1_XXXXXXX\u003c/property\u003e\n            \u003cproperty name=\"Page Size\"\u003e50\u003c/property\u003e\n            \u003cproperty name=\"Add User \u003cUUID:1\u003e\"\u003eCN=administrator, OU=NIFI\u003c/property\u003e\n            \u003cproperty name=\"Add User \u003cUUID:2\u003e\"\u003eCN=localhost, OU=NIFI\u003c/property\u003e\n        
    \u003cproperty name=\"Add User \u003cUUID:3\u003e\"\u003eCN=localhost2, OU=NIFI\u003c/property\u003e\n            \u003cproperty name=\"Add Group \u003cUUID:4\u003e\"\u003eCluster\u003c/property\u003e\n            \u003cproperty name=\"Add Users To Group \u003cUUID:4\u003e\"\u003e\n                UUID:2,\n                UUID:3\n            \u003c/property\u003e\n        \u003c/userGroupProvider\u003e\n        \u003c!--\n        The CognitoAccessPolicyProvider provides Access Policy Management backed by AWS Cognito.\n   \n            - AWS Credentials File - The file where AWS Credentials can be found. If not defined it will use the standard \n                AWS credentials provider path.\n   \n            - User Pool - The *same* Cognito User Pool Id where the Users and Groups are stored.\n   \n            - Tenant Id - An id to attach to every Access Policy stored in the User Pool. Must be the same for nodes \n                of the same cluster. If two clusters share the same tenant id then they will share the access policies.\n   \n            - User Group Provider - The identifier of the Cognito User Group Provider defined above.\n   \n            - Initial Admin Identity \u003cuser-uuid\u003e - The identity of the initial admin user. The user must already exist\n                on the backend. \n                NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the user identity,\n                so the value should be the unmapped identity.\n           \n            - Node Group - The name of a group containing NiFi cluster nodes. 
\n                The typical use for this is when nodes are dynamically added/removed from the cluster.\n                NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the group identity,\n                so the value should be the unmapped identity.\n        --\u003e\n        \u003caccessPolicyProvider\u003e\n            \u003cidentifier\u003ecognito-access-policy-provider\u003c/identifier\u003e\n            \u003cclass\u003eco.zeroae.nifi.authorization.cognito.CognitoAccessPolicyProvider\u003c/class\u003e\n            \u003c!-- Use this class for the NiFi Registry\n            \u003cclass\u003eco.zeroae.nifi.registry.authorization.cognito.CognitoUserGroupProvider\u003c/class\u003e\n            --\u003e\n            \u003cproperty name=\"AWS Credentials File\"\u003e./conf/bootstrap-aws.conf\u003c/property\u003e\n            \u003cproperty name=\"User Pool\"\u003eus-east-1_XXXXXXX\u003c/property\u003e\n            \u003cproperty name=\"User Group Provider\"\u003ecognito-configurable-user-group-provider\u003c/property\u003e\n            \u003cproperty name=\"Initial Admin Identity\"\u003eCN=administrator, OU=NIFI\u003c/property\u003e\n            \u003cproperty name=\"Node Group\"\u003eCluster\u003c/property\u003e\n        \u003c/accessPolicyProvider\u003e\n    \u003c/authorizers\u003e\n    ```\n   \n2. Update `nifi.properties`\n    ```properties\n    nifi.nar.library.directory.cognito=\u003cpath-to\u003e/nifi-cognito-bundle/nifi-cognito-nar/target\n    nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?)$\n    nifi.security.identity.mapping.value.dn=$1@$2\n    nifi.security.identity.mapping.transform.dn=LOWER\n    ```\n\n3. 
Update `nifi-registry.properties`\n    ```properties\n    nifi.registry.extension.dir.cognito=\u003cpath-to\u003e/nifi-cognito-bundle/nifi-registry-cognito-assembly/target/cognito/lib\n    nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?)$\n    nifi.registry.security.identity.mapping.value.dn=$1@$2\n    nifi.registry.security.identity.mapping.transform.dn=LOWER\n    ```\n   \n4. Start NiFi and the Registry","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeroae%2Fnifi-cognito-bundle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzeroae%2Fnifi-cognito-bundle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeroae%2Fnifi-cognito-bundle/lists"}