You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Joe Witt (Jira)" <ji...@apache.org> on 2023/03/31 16:55:00 UTC
[jira] [Commented] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore
[ https://issues.apache.org/jira/browse/NIFI-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707353#comment-17707353 ]
Joe Witt commented on NIFI-11370:
---------------------------------
both issues related. need to run this down before RC2. Assigned to Handermann consistent with other related JIRAs.
cc [~exceptionfactory][~mcgilman]
> Unable to connect to OIDC service using NiFi truststore
> -------------------------------------------------------
>
> Key: NIFI-11370
> URL: https://issues.apache.org/jira/browse/NIFI-11370
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 branch support/nifi-1.x commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
> Reporter: macdoor615
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0, 1.21.0
>
> Attachments: invalid_id_token.png
>
>
> My NiFi 1.20 servers are all using NiFi truststore when connecting to the OIDC service.
> I set nifi.security.user.oidc.truststore.strategy in nifi.properties.
>
> {code:java}
> nifi.security.user.oidc.truststore.strategy=NIFI{code}
>
> I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0. and got this error
> !invalid_id_token.png|width=1129,height=162!
> I delete nifi.security.user.oidc.truststore.strategy property in nifi.properties, import certifacate into {{cacerts,}} and use Java’s default {{cacerts}} truststore. Then I can log in webui properly
--
This message was sent by Atlassian Jira
(v8.20.10#820010)