You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Baptiste Moisson (Jira)" <ji...@apache.org> on 2021/12/23 10:32:00 UTC

[jira] [Resolved] (NIFI-9510) Use OpenId with the new User Login Identity Provider feature

     [ https://issues.apache.org/jira/browse/NIFI-9510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Baptiste Moisson resolved NIFI-9510.
------------------------------------
    Resolution: Not A Problem

> Use OpenId with the new User Login Identity Provider feature
> ------------------------------------------------------------
>
>                 Key: NIFI-9510
>                 URL: https://issues.apache.org/jira/browse/NIFI-9510
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.15.1
>            Reporter: Baptiste Moisson
>            Priority: Major
>
> When I try to upgrade my version from 1.13.2 to 1.15.1 due to the log4j issue, I have got an issue with my authentication. 
> I noticed on the migration guide that the following configuration is now set as default : 
> {code:java}
> nifi.security.user.login.identity.provider=single-user-provider {code}
> and the connexion is now secure by default too. 
> If I try to start Nifi with my OpenId parameters and with this default parameter, the following stack appear : 
> {code:java}
> Caused by: java.lang.RuntimeException: OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.
>         at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.validateOIDCConfiguration(StandardOidcIdentityProvider.java:199)
>         at 
> (...){code}
> The documentation say this : 
> |{{nifi.security.user.login.identity.provider}}|This indicates what type of login identity provider to use. The {*}+default value is blank+{*}, can be set to the identifier from a provider in the file specified in {{{}nifi.login.identity.provider.configuration.file{}}}. Setting this property will trigger NiFi to support username/password authentication.|
> So I putted the properties like this : 
> {code:java}
> nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
> nifi.security.user.login.identity.provider= {code}
> with a blank value. 
> Then I have got the following stack 
>  
> {code:java}
> Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: SingleUserAuthorizer requires org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider to be configured
>         at org.apache.nifi.authorization.single.user.SingleUserAuthorizer.initialize(SingleUserAuthorizer.java:91)
>         at org.apache.nifi.authorization.AuthorizerFactoryBean.createAuthorizer(AuthorizerFactoryBean.java:369)
>         at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:159)
>         at org.springframework.beans.fa {code}
> I think this is an issue because we can't left the nifi.security.user.login.identity.provider blank, but If we don't, we can't use the openId authentication.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)