You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Andy LoPresto (Jira)" <ji...@apache.org> on 2020/04/07 18:25:00 UTC

[jira] [Created] (NIFI-7333) OIDC provider should use NiFi keystore & truststore

Andy LoPresto created NIFI-7333:
-----------------------------------

             Summary: OIDC provider should use NiFi keystore & truststore
                 Key: NIFI-7333
                 URL: https://issues.apache.org/jira/browse/NIFI-7333
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework, Security
    Affects Versions: 1.11.4
            Reporter: Andy LoPresto


The OIDC provider uses generic HTTPS requests to the OIDC IdP, but does not configure these requests to use the NiFi keystore or truststore. Rather, it uses the default JVM keystore and truststore, which leads to difficulty debugging PKIX and other TLS negotiation errors. It should be switched to use the NiFi keystore and truststore as other NiFi framework services do. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)