You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "W Chang (Jira)" <ji...@apache.org> on 2020/09/01 22:27:00 UTC

[jira] [Commented] (NIFI-7765) Toolket CLI OpenID Connect Support

    [ https://issues.apache.org/jira/browse/NIFI-7765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17188839#comment-17188839 ] 

W Chang commented on NIFI-7765:
-------------------------------

I tested the client_cert.p12 file using the curl and it could establish SSL connection.  However, nifi cli authentication using the user certificate does not work.

So, I also tried "Proxied Entity" method.  To do that, I added "clientAuth" to "Extended Key Usage" and got the server certificate certified by my company.   
{code:java}
extendedKeyUsage = serverAuth, clientAuth{code}
However, when nifi was started using the new certificate, nifi did not use OIDC for authentication and used my computer certificate automatically.  So I had to add the owner of the certificate to the nifi user list and make it as the admin to login to the nifi UI.

Then I added the owner of the server certificate to the nifi user list, and "Access the controller" and "Proxy user request" policies.  After the configuration, the cli authentication using "Proxied Entity" works.

The current issue with this approach is that authentication using OIDC does not work.   Would you have any ideas on this issue?  Thanks.

 

> Toolket CLI OpenID Connect Support
> ----------------------------------
>
>                 Key: NIFI-7765
>                 URL: https://issues.apache.org/jira/browse/NIFI-7765
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.11.4
>         Environment: CentOS Linux 7
>            Reporter: W Chang
>            Priority: Major
>              Labels: Authentication, CLI, Connect, OIDC, OpenID
>
> When a NiFi or a Registry instance is configured for OpenID Connect authentication, a user cannot authenticate to the secure NiFi or the secure Registry using Toolkit CLI to use CLI commands.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)