Posted to issues@nifi.apache.org by "macdoor615 (Jira)" <ji...@apache.org> on 2023/03/31 16:44:00 UTC

[jira] [Created] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore

macdoor615 created NIFI-11370:
---------------------------------

             Summary: Unable to connect to OIDC service using NiFi truststore
                 Key: NIFI-11370
                 URL: https://issues.apache.org/jira/browse/NIFI-11370
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework
    Affects Versions: 1.21.0
         Environment: NiFi 1.21.0 branch support/nifi-1.x commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS, mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Keycloak 20.0.2
            Reporter: macdoor615
         Attachments: invalid_id_token.png

My NiFi 1.20 servers are all using the NiFi truststore when connecting to the OIDC service.

I set nifi.security.user.oidc.truststore.strategy in nifi.properties.

 
{code:java}
nifi.security.user.oidc.truststore.strategy=NIFI
{code}
 

I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0 and got this error:

!invalid_id_token.png|width=1129,height=162!

I deleted the nifi.security.user.oidc.truststore.strategy property in nifi.properties, imported the certificate into {{cacerts}}, and used Java’s default {{cacerts}} truststore. Then I could log in to the web UI properly.


