Posted to commits@nifi.apache.org by mc...@apache.org on 2018/01/17 15:55:44 UTC

nifi git commit: NIFI-4781: Updated ClientAuthenticationMethod as optional field response from OpenID provider. This closes #2213

Repository: nifi
Updated Branches:
  refs/heads/master 7c1ce1722 -> 790f14b8e


NIFI-4781: Updated ClientAuthenticationMethod as optional field response from OpenID provider. This closes #2213


Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/790f14b8
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/790f14b8
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/790f14b8

Branch: refs/heads/master
Commit: 790f14b8ef77740fc79839f51a3521db39afde09
Parents: 7c1ce17
Author: Senthilannaswamy <se...@accenture.com>
Authored: Tue Oct 10 13:05:48 2017 +0530
Committer: Matt Gilman <ma...@gmail.com>
Committed: Wed Jan 17 10:55:11 2018 -0500

----------------------------------------------------------------------
 .../security/oidc/StandardOidcIdentityProvider.java | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/790f14b8/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
index 62e0c0c..02ed1ff 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
@@ -61,6 +61,7 @@ import org.slf4j.LoggerFactory;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URL;
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
@@ -68,6 +69,7 @@ import java.util.concurrent.TimeUnit;
 
 import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME;
 
+
 /**
  * OidcProvider for managing the OpenId Connect Authorization flow.
  */
@@ -163,11 +165,15 @@ public class StandardOidcIdentityProvider implements OidcIdentityProvider {
             }
 
             // ensure the oidc provider supports basic or post client auth
-            final List<ClientAuthenticationMethod> clientAuthenticationMethods = oidcProviderMetadata.getTokenEndpointAuthMethods();
-            if (clientAuthenticationMethods == null
-                    || (!clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
-                    && !clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_POST))) {
-
+            List<ClientAuthenticationMethod> clientAuthenticationMethods = oidcProviderMetadata.getTokenEndpointAuthMethods();
+            logger.info("OpenId Connect: Available clientAuthenticationMethods {} ", clientAuthenticationMethods);
+            if (clientAuthenticationMethods == null || clientAuthenticationMethods.isEmpty()) {
+                clientAuthenticationMethods = new ArrayList<>();
+                clientAuthenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
+                oidcProviderMetadata.setTokenEndpointAuthMethods(clientAuthenticationMethods);
+                logger.warn("OpenId Connect: ClientAuthenticationMethods is null, Setting clientAuthenticationMethods as CLIENT_SECRET_BASIC");
+            } else if (!clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+                    && !clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_POST)) {
                 throw new RuntimeException(String.format("OpenId Connect Provider does not support %s or %s",
                         ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue(),
                         ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue()));
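Review bot: The new fallback at `clientAuthenticationMethods == null || clientAuthenticationMethods.isEmpty()` treats an explicitly empty list the same as an omitted field, yet the warning text says only "is null", so a log reader cannot tell which case occurred. Defaulting to client_secret_basic matches the OpenID Connect Discovery default for an omitted `token_endpoint_auth_methods_supported`, but an empty array looks more like a provider misconfiguration, which the previous code rejected; consider keeping the exception for the empty case, or at least rewording the message, e.g. `logger.warn("OpenId Connect: provider metadata lists no token endpoint auth methods, defaulting to {}", ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());`. A short comment above the branch such as `// token_endpoint_auth_methods_supported is optional; the Discovery default is client_secret_basic` would record why this check no longer fails closed. The enclosing method starts and ends outside this hunk.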