You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/06/21 19:56:00 UTC

[jira] [Updated] (NIFI-11735) Refactor Identity Provider Group Transfer to Bearer Token

     [ https://issues.apache.org/jira/browse/NIFI-11735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-11735:
------------------------------------
    Status: Patch Available  (was: Open)

> Refactor Identity Provider Group Transfer to Bearer Token
> ---------------------------------------------------------
>
>                 Key: NIFI-11735
>                 URL: https://issues.apache.org/jira/browse/NIFI-11735
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 1.latest, 2.latest
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> SAML authentication introduced the concept of Identity User Groups and used a local H2 database for persisting group membership as part of the Identity Provider authentication process. Updates to OIDC authentication also added support for supplying group membership from the Identity Provider.
> Following implementation refactoring for both SAML and OIDC, the application Bearer Token generation and signing process has been streamlined. The streamlined approach allows the framework to pass the Identity Provider groups directly to the Bearer Token Provider, obviating the need for H2 database persistence.
> The integration approach should be refactored to remove the Identity Provider User Group persistence in H2, and instead pass the provider group membership through the application Bearer Token.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)