You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Joe Witt (Jira)" <ji...@apache.org> on 2023/03/31 16:55:00 UTC

[jira] [Commented] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore

    [ https://issues.apache.org/jira/browse/NIFI-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707353#comment-17707353 ] 

Joe Witt commented on NIFI-11370:
---------------------------------

both issues related.  need to run this down before RC2.   Assigned to Handermann consistent with other related JIRAs.

cc [~exceptionfactory][~mcgilman]

> Unable to connect to OIDC service using NiFi truststore
> -------------------------------------------------------
>
>                 Key: NIFI-11370
>                 URL: https://issues.apache.org/jira/browse/NIFI-11370
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.21.0
>         Environment: NiFi 1.21.0 branch support/nifi-1.x commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>            Reporter: macdoor615
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 2.0.0, 1.21.0
>
>         Attachments: invalid_id_token.png
>
>
> My NiFi 1.20 servers are all using NiFi truststore when connecting to the OIDC service. 
> I set nifi.security.user.oidc.truststore.strategy in nifi.properties.
>  
> {code:java}
> nifi.security.user.oidc.truststore.strategy=NIFI{code}
>  
> I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0. and got this error
> !invalid_id_token.png|width=1129,height=162!
> I delete nifi.security.user.oidc.truststore.strategy property in nifi.properties, import certifacate into {{cacerts,}} and use Java’s default {{cacerts}} truststore. Then I can log in webui properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)