Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/06/22 15:08:00 UTC

[jira] [Commented] (NIFI-11735) Refactor Identity Provider Group Transfer to Bearer Token

    [ https://issues.apache.org/jira/browse/NIFI-11735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17736164#comment-17736164 ] 

ASF subversion and git services commented on NIFI-11735:
--------------------------------------------------------

Commit 0f736e060a3d1e0bba7b8d0e73d2f77908e9e3e7 in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=0f736e060a ]

NIFI-11735 Refactored Identity Provider Groups Handling (#7419)

- Removed H2 database approach in favor of passing groups in Application Bearer Token

> Refactor Identity Provider Group Transfer to Bearer Token
> ---------------------------------------------------------
>
>                 Key: NIFI-11735
>                 URL: https://issues.apache.org/jira/browse/NIFI-11735
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 1.latest, 2.latest
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> SAML authentication introduced the concept of Identity User Groups and used a local H2 database for persisting group membership as part of the Identity Provider authentication process. Updates to OIDC authentication also added support for supplying group membership from the Identity Provider.
> Following implementation refactoring for both SAML and OIDC, the application Bearer Token generation and signing process has been streamlined. The streamlined approach allows the framework to pass the Identity Provider groups directly to the Bearer Token Provider, obviating the need for H2 database persistence.
> The integration approach should be refactored to remove the Identity Provider User Group persistence in H2, and instead pass the provider group membership through the application Bearer Token.
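To illustrate the approach the issue describes, here is an added example (not NiFi's own code, written in Python rather than NiFi's Java): the group membership supplied by the Identity Provider travels inside the signed application Bearer Token, so the consumer trusts the groups only because the signature covers them, and no server-side persistence is needed. The claim name `groups`, the HS256 algorithm and the signing key are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import List, Optional

# Constructed signing key for the example; a deployment uses its own
# bearer-token signing key and never a hard-coded literal.
SIGNING_KEY = b"constructed-example-key-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64url(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())

def mint_token(identity: str, groups: List[str], now: int, lifetime: int = 3600) -> str:
    """Issue an HS256 token whose 'groups' claim carries the provider groups."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": identity, "groups": sorted(groups), "iat": now, "exp": now + lifetime}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    return f"{signing_input}.{_sign(signing_input)}"

def verify_groups(token: str, now: int) -> Optional[List[str]]:
    """Return the groups claim only when signature and expiry check out, else None.
    The groups are trusted solely because the signature covers them."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, signature = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:
        return None
    # Pin the algorithm so a header claiming "none" or another alg is rejected
    if header.get("alg") != "HS256":
        return None
    if not hmac.compare_digest(_sign(f"{header_b64}.{payload_b64}"), signature):
        return None
    payload = json.loads(_b64url_decode(payload_b64))
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return list(payload.get("groups", []))
```

A token whose payload segment is replaced with one listing more groups, but which still carries the original signature, fails verification, which is what makes the in-token group transfer safe without a database lookup.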


