You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "macdoor615 (Jira)" <ji...@apache.org> on 2023/03/31 16:44:00 UTC
[jira] [Created] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore
macdoor615 created NIFI-11370:
---------------------------------
Summary: Unable to connect to OIDC service using NiFi truststore
Key: NIFI-11370
URL: https://issues.apache.org/jira/browse/NIFI-11370
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.21.0
Environment: NiFi 1.21.0 branch support/nifi-1.x commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS, mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Keycloak 20.0.2
Reporter: macdoor615
Attachments: invalid_id_token.png
My NiFi 1.20 servers are all using NiFi truststore when connecting to the OIDC service.
I set nifi.security.user.oidc.truststore.strategy in nifi.properties.
{code:java}
nifi.security.user.oidc.truststore.strategy=NIFI{code}
I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0. and got this error
!invalid_id_token.png|width=1129,height=162!
I delete nifi.security.user.oidc.truststore.strategy property in nifi.properties, import certifacate into {{cacerts,}} and use Java’s default {{cacerts}} truststore. Then I can log in webui properly
--
This message was sent by Atlassian Jira
(v8.20.10#820010)