You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "exceptionfactory (via GitHub)" <gi...@apache.org> on 2023/06/21 19:55:17 UTC

[GitHub] [nifi] exceptionfactory opened a new pull request, #7419: NIFI-11735 Refactor Identity Provider Groups Handling

exceptionfactory opened a new pull request, #7419:
URL: https://github.com/apache/nifi/pull/7419

   # Summary
   
   [NIFI-11735](https://issues.apache.org/jira/browse/NIFI-11735) Refactors integration with SAML and OIDC Identity Provider Group membership, replacing local H2 database storage with the addition of a `groups` claim to the Application Bearer Token.
   
   Both SAML and OIDC Providers follow a similar pattern for generating an application Bearer Token based on Identity Provider information. With recent enhancements SAML and OIDC support, both strategies support retrieving Identity Provider group information. The initial SAML integration added temporary H2 database persistence for Identity Provider groups, but following refactoring for improved Spring Security integration, this temporary persistence in H2 is no longer required.
   
   Instead of storing group membership information in H2 for subsequent retrieval on every request, the refactored approach appends the group names in a multi-valued `groups` claim as part of the standard NiFi application JSON Web Token.
   
   # Tracking
   
   Please complete the following tracking steps prior to pull request creation.
   
   ### Issue Tracking
   
   - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created
   
   ### Pull Request Tracking
   
   - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000`
   - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000`
   
   ### Pull Request Formatting
   
   - [X] Pull Request based on current revision of the `main` branch
   - [X] Pull Request refers to a feature branch with one commit containing changes
   
   # Verification
   
   Please indicate the verification steps performed prior to pull request creation.
   
   ### Build
   
   - [X] Build completed using `mvn clean install -P contrib-check`
     - [X] JDK 17
   
   ### Licensing
   
   - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
   - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files
   
   ### Documentation
   
   - [ ] Documentation formatting appears as expected in rendered files
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] bbende merged pull request #7419: NIFI-11735 Refactor Identity Provider Groups Handling

Posted by "bbende (via GitHub)" <gi...@apache.org>.

bbende merged PR #7419:
URL: https://github.com/apache/nifi/pull/7419


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org