You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/06/21 17:25:00 UTC

[jira] [Created] (NIFI-11735) Refactor Identity Provider Group Transfer to Bearer Token

David Handermann created NIFI-11735:
---------------------------------------

             Summary: Refactor Identity Provider Group Transfer to Bearer Token
                 Key: NIFI-11735
                 URL: https://issues.apache.org/jira/browse/NIFI-11735
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework, Security
            Reporter: David Handermann
            Assignee: David Handermann
             Fix For: 1.latest, 2.latest


SAML authentication introduced the concept of Identity User Groups and used a local H2 database for persisting group membership as part of the Identity Provider authentication process. Updates to OIDC authentication also added support for supplying group membership from the Identity Provider.

Following implementation refactoring for both SAML and OIDC, the application Bearer Token generation and signing process has been streamlined. The streamlined approach allows the framework to pass the Identity Provider groups directly to the Bearer Token Provider, obviating the need for H2 database persistence.

The integration approach should be refactored to remove the Identity Provider User Group persistence in H2, and instead pass the provider group membership through the application Bearer Token.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)