You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/11/03 15:05:39 UTC

[GitHub] [nifi] bbende commented on pull request #4614: NIFI-7888 Add support for SAML authentication

bbende commented on pull request #4614:
URL: https://github.com/apache/nifi/pull/4614#issuecomment-721184741


   @mcgilman @thenatog added some additional commits to address some of the review feedback and improve a few things I ran into while testing, here is a summary of the changes...
   
   - Refactored some of the DB operations to have "replace" methods instead of calling "delete" and "create" in separate transactions where one could succeed and the second could fail
   
   - Added properties for configuring the values of `AuthnRequestsSigned` and `WantAssertionsSigned` for the service provider metadata that is generated for nifi at /nifi-api/access/saml/metadata
       ```
       nifi.security.user.saml.request.signing.enabled=false
       nifi.security.user.saml.want.assertions.signed=true
       ```
   - Remove the property for specifying the signing key alias, it now inspects the keystore and finds the private key entry and gets the alias automatically, if more than one private key entry exists then an exception is thrown (nifi already assumes a single private key in the keystore)
   
   - Added a property for specifying an attribute to obtain the user identity from, if an attribute is not specified or if the attribute is not found in the response, then the Subject NameID is used by default
       `nifi.security.user.saml.identity.attribute.name=`


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org