You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/08/11 20:08:31 UTC
[GitHub] [nifi] exceptionfactory opened a new pull request, #6295: NIFI-10350 Corrected Registry User Authorization for OIDC
exceptionfactory opened a new pull request, #6295:
URL: https://github.com/apache/nifi/pull/6295
# Summary
[NIFI-10350](https://issues.apache.org/jira/browse/NIFI-10350) Corrects NiFi Registry user authorization determination when authenticating using OpenID Connect.
The current implementation refreshes the Registry Configuration after successful username and password authentication with LDAP or Kerberos, but does not refresh the configuration after OIDC authentication.
The solution moves the Registry Configuration refresh to the shared `checkLogin` functions, which incorporate a ticket exchange request to an OIDC provider when configured. This approach ensures that the user interface has the current Registry Configuration regardless of the authentication strategy.
# Tracking
Please complete the following tracking steps prior to pull request creation.
### Issue Tracking
- [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created
### Pull Request Tracking
- [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000`
- [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000`
### Pull Request Formatting
- [X] Pull Request based on current revision of the `main` branch
- [X] Pull Request refers to a feature branch with one commit containing changes
# Verification
Please indicate the verification steps performed prior to pull request creation.
### Build
- [ ] Build completed using `mvn clean install -P contrib-check`
- [X] JDK 8
- [ ] JDK 11
- [ ] JDK 17
### Licensing
- [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
- [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files
### Documentation
- [ ] Documentation formatting appears as expected in rendered files
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nifi] thenatog commented on pull request #6295: NIFI-10350 Corrected Registry User Authorization for OIDC
Posted by GitBox <gi...@apache.org>.
thenatog commented on PR #6295:
URL: https://github.com/apache/nifi/pull/6295#issuecomment-1222662055
Will review
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nifi] thenatog commented on a diff in pull request #6295: NIFI-10350 Corrected Registry User Authorization for OIDC
Posted by GitBox <gi...@apache.org>.
thenatog commented on code in PR #6295:
URL: https://github.com/apache/nifi/pull/6295#discussion_r951843630
##########
nifi-registry/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.js:
##########
@@ -78,6 +78,11 @@ NfRegistryUsersAdministrationAuthGuard.prototype = {
// render the logout button if there is a token locally
if (self.nfStorage.getItem('jwt') !== null) {
self.nfRegistryService.currentUser.canLogout = true;
+
+ // Update Registry Configuration following successful login
+ self.nfRegistryApi.getRegistryConfig().subscribe(function (registryConfig) {
Review Comment:
An unfortunate amount of duplication in this file, maybe it could be refactored in future.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nifi] thenatog commented on pull request #6295: NIFI-10350 Corrected Registry User Authorization for OIDC
Posted by GitBox <gi...@apache.org>.
thenatog commented on PR #6295:
URL: https://github.com/apache/nifi/pull/6295#issuecomment-1222882473
Tested out OIDC login/logout and that the Add User button works as expected, appears to show flows/buckets correctly. +1 will merge.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nifi] thenatog closed pull request #6295: NIFI-10350 Corrected Registry User Authorization for OIDC
Posted by GitBox <gi...@apache.org>.
thenatog closed pull request #6295: NIFI-10350 Corrected Registry User Authorization for OIDC
URL: https://github.com/apache/nifi/pull/6295
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org