You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/01/07 21:13:01 UTC
[jira] [Commented] (NIFI-7924) Fallback claim(s) support in OIDC
based authentication
[ https://issues.apache.org/jira/browse/NIFI-7924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17260831#comment-17260831 ]
ASF subversion and git services commented on NIFI-7924:
-------------------------------------------------------
Commit f330078fffd39feeb2b289f7e9de5113f9c78bb4 in nifi's branch refs/heads/main from sjyang18
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f330078 ]
NIFI-7924 Add fallback claims for identifying user to OIDC provider
This closes #4630
Signed-off-by: Joey Frazee <jf...@apache.org>
> Fallback claim(s) support in OIDC based authentication
> ------------------------------------------------------
>
> Key: NIFI-7924
> URL: https://issues.apache.org/jira/browse/NIFI-7924
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.12.1
> Reporter: Seokwon Yang
> Assignee: Seokwon Yang
> Priority: Minor
> Time Spent: 3h 40m
> Remaining Estimate: 0h
>
> Currently, 'nifi.security.user.oidc.claim.identifying.user' NiFi configuration sets only one claim to bind ID token to username. There are corner-case where fallback claim should search in case the configured claim is not found in ID token.
> For example, not all user directory objects has email address in Azure Activity Directory ([https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#email]). We need a fallback claim support so that when there is no email address claim available for a user, the OIDC identity provider should pick up fallback claim(s) for the user name. For other users with emails, it should continue to use the configured claim to set user name.
>
> I will introduce 'nifi.security.user.oidc.fallback.claims.identifying.user' in NiFi properties and implement the fallback logic .
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)