I have two NiFi nodes I want to run behind an AWS Application Load Balancer. This type of load balancer decrypts the incoming request to parse it, then re-encrypts with its own cert.
I'm having issues getting NiFi to recognize the user making a request since the requests always come in with the LB cert instead of the original user's cert. I'm wondering if NiFi already has a means of handling this; for instance, is it possible to have my LB set a header to specify the DN of the user's cert and have NiFi authenticate first the LB DN and, if that passes, the header?
I am aware that the other two types of load balancers provided by AWS would in theory work, so long as I updated the SAN of the NiFi certs to include the LB DN. However, I have reasons I would prefer to stick to an ALB. Is there any viable manner to properly authenticate users behind an ALB?