You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/07/07 19:38:00 UTC

[jira] [Commented] (NIFI-7332) Improve communication to user when OIDC response does not contain usable claims

    [ https://issues.apache.org/jira/browse/NIFI-7332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17153050#comment-17153050 ] 

ASF subversion and git services commented on NIFI-7332:
-------------------------------------------------------

Commit aa741cc5967f62c3c38c2a47e712b7faa6fe19ff in nifi's branch refs/heads/master from mtien
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=aa741cc ]

NIFI-7332 Added method to log available claim names from the ID provider response when the OIDC Identifying User claim is not found. Revised log message to print available claims.
Added new StandardOidcIdentityProviderGroovyTest file.
Updated deprecated methods in StandardOidcIdentityProvider. Changed log output to print all available claim names from JWTClaimsSet. Added unit test.
Added comments in getAvailableClaims() method.
Fixed typos in NiFi Docs Admin Guide.
Added license to Groovy test.
Fixed a checkstyle error.
Refactor exchangeAuthorizationCode method.
Added unit tests.
Verified all unit tests added so far are passing.
Refactored code. Added unit tests.
Refactored OIDC provider to decouple constructor & network-dependent initialization.
Added unit tests.
Added unit tests.
Refactored OIDC provider to separately authorize the client. Added unit tests.
Added unit tests.

NIFI-7332 Refactored exchangeAuthorizationCode method to separately retrieve the NiFi JWT.

Signed-off-by: Nathan Gough <th...@gmail.com>

This closes #4344.


> Improve communication to user when OIDC response does not contain usable claims
> -------------------------------------------------------------------------------
>
>                 Key: NIFI-7332
>                 URL: https://issues.apache.org/jira/browse/NIFI-7332
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: M Tien
>            Priority: Major
>              Labels: oidc, security
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> The messaging displayed to the user/admin does not clearly indicate the problem if the OIDC response does not contain a claim that NiFi is configured to use (i.e. NiFi expects an {{email}} claim but the user does not have an email configured on the OIDC IdP). 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)