You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Baptiste Moisson (Jira)" <ji...@apache.org> on 2021/12/23 10:32:00 UTC
[jira] [Resolved] (NIFI-9510) Use OpenId with the new User Login Identity Provider feature
[ https://issues.apache.org/jira/browse/NIFI-9510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Baptiste Moisson resolved NIFI-9510.
------------------------------------
Resolution: Not A Problem
> Use OpenId with the new User Login Identity Provider feature
> ------------------------------------------------------------
>
> Key: NIFI-9510
> URL: https://issues.apache.org/jira/browse/NIFI-9510
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.15.1
> Reporter: Baptiste Moisson
> Priority: Major
>
> When I try to upgrade my version from 1.13.2 to 1.15.1 due to the log4j issue, I have got an issue with my authentication.
> I noticed on the migration guide that the following configuration is now set as default :
> {code:java}
> nifi.security.user.login.identity.provider=single-user-provider {code}
> and the connexion is now secure by default too.
> If I try to start Nifi with my OpenId parameters and with this default parameter, the following stack appear :
> {code:java}
> Caused by: java.lang.RuntimeException: OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.
> at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.validateOIDCConfiguration(StandardOidcIdentityProvider.java:199)
> at
> (...){code}
> The documentation say this :
> |{{nifi.security.user.login.identity.provider}}|This indicates what type of login identity provider to use. The {*}+default value is blank+{*}, can be set to the identifier from a provider in the file specified in {{{}nifi.login.identity.provider.configuration.file{}}}. Setting this property will trigger NiFi to support username/password authentication.|
> So I putted the properties like this :
> {code:java}
> nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
> nifi.security.user.login.identity.provider= {code}
> with a blank value.
> Then I have got the following stack
>
> {code:java}
> Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: SingleUserAuthorizer requires org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider to be configured
> at org.apache.nifi.authorization.single.user.SingleUserAuthorizer.initialize(SingleUserAuthorizer.java:91)
> at org.apache.nifi.authorization.AuthorizerFactoryBean.createAuthorizer(AuthorizerFactoryBean.java:369)
> at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:159)
> at org.springframework.beans.fa {code}
> I think this is an issue because we can't left the nifi.security.user.login.identity.provider blank, but If we don't, we can't use the openId authentication.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)