You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Hung Nguyen Thuan (Jira)" <ji...@apache.org> on 2023/03/26 02:33:00 UTC
[jira] [Commented] (NIFI-11343) Improve the flexibility and compatibility of OIDC integration
[ https://issues.apache.org/jira/browse/NIFI-11343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17705021#comment-17705021 ]
Hung Nguyen Thuan commented on NIFI-11343:
------------------------------------------
I have discussed with [~exceptionfactory] on [Slack|https://apachenifi.slack.com/archives/C0L9UPWJZ/p1679788145344649].
> Improve the flexibility and compatibility of OIDC integration
> -------------------------------------------------------------
>
> Key: NIFI-11343
> URL: https://issues.apache.org/jira/browse/NIFI-11343
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core UI, Security
> Affects Versions: 1.20.0
> Environment: JDK: 11
> Browser: Chrome / Firefox / Edge
> Configuration of NiFi: OIDC with AWS Cognito
> Reporter: Hung Nguyen Thuan
> Priority: Minor
> Fix For: 2.latest
>
> Attachments: Superset_OIDC.png
>
>
> There are some OIDC providers that do not support for OIDC RP-Initiated Logout such as AWS Cognito. Therefore, when I try to integrate AWS Cognito with Nifi, the login function works well but the logout function does not. It would be nice if Apache Nifi could provide a way to configure OIDC more flexibly and compatibly with many OIDC providers. For example, in Apache Superset configuration (or Flask App Builder), it allows to enter ODIC configuration as the attached image. User can define authorize/request/refresh/logout URLs if they are not returned fromĀ
> {code:java}
> https://<oidc_provider_host>/.well-known/openid-configuration{code}
> Or Nifi could add new properties to configure logout/refresh token URLs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)