Posted to commits@nifi.apache.org by mc...@apache.org on 2018/01/17 15:55:44 UTC
nifi git commit: NIFI-4781: Updated ClientAuthenticationMethod as
optional field response from OpenID provider. This closes #2213
Repository: nifi
Updated Branches:
refs/heads/master 7c1ce1722 -> 790f14b8e
NIFI-4781: Updated ClientAuthenticationMethod as optional field response from OpenID provider. This closes #2213
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/790f14b8
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/790f14b8
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/790f14b8
Branch: refs/heads/master
Commit: 790f14b8ef77740fc79839f51a3521db39afde09
Parents: 7c1ce17
Author: Senthilannaswamy <se...@accenture.com>
Authored: Tue Oct 10 13:05:48 2017 +0530
Committer: Matt Gilman <ma...@gmail.com>
Committed: Wed Jan 17 10:55:11 2018 -0500
----------------------------------------------------------------------
.../security/oidc/StandardOidcIdentityProvider.java | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/790f14b8/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
index 62e0c0c..02ed1ff 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
@@ -61,6 +61,7 @@ import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
+import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
@@ -68,6 +69,7 @@ import java.util.concurrent.TimeUnit;
import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME;
+
/**
* OidcProvider for managing the OpenId Connect Authorization flow.
*/
@@ -163,11 +165,15 @@ public class StandardOidcIdentityProvider implements OidcIdentityProvider {
}
// ensure the oidc provider supports basic or post client auth
- final List<ClientAuthenticationMethod> clientAuthenticationMethods = oidcProviderMetadata.getTokenEndpointAuthMethods();
- if (clientAuthenticationMethods == null
- || (!clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
- && !clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_POST))) {
-
+ List<ClientAuthenticationMethod> clientAuthenticationMethods = oidcProviderMetadata.getTokenEndpointAuthMethods();
+ logger.info("OpenId Connect: Available clientAuthenticationMethods {} ", clientAuthenticationMethods);
+ if (clientAuthenticationMethods == null || clientAuthenticationMethods.isEmpty()) {
+ clientAuthenticationMethods = new ArrayList<>();
+ clientAuthenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
+ oidcProviderMetadata.setTokenEndpointAuthMethods(clientAuthenticationMethods);
+ logger.warn("OpenId Connect: ClientAuthenticationMethods is null, Setting clientAuthenticationMethods as CLIENT_SECRET_BASIC");
+ } else if (!clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+ && !clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_POST)) {
throw new RuntimeException(String.format("OpenId Connect Provider does not support %s or %s",
ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue(),
ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue()));
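Review bot: The fallback branch at `if (clientAuthenticationMethods == null || clientAuthenticationMethods.isEmpty())` treats an explicitly empty list the same as an omitted field, yet the warning it logs says only "is null", so an operator cannot tell from the log which case occurred. OpenID Connect Discovery defines `client_secret_basic` as the default only when `token_endpoint_auth_methods_supported` is omitted; I would state that in a comment above the branch, e.g. `// OIDC Discovery: an omitted token_endpoint_auth_methods_supported defaults to client_secret_basic`, and reword the message to `logger.warn("OpenId Connect: provider metadata lists no token endpoint auth methods, defaulting to {}", ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());`. The unconditional `logger.info` just above also prints `null` in that case and could move to the path where a list is actually present. The enclosing method starts and ends outside this hunk, so how the selected method is used afterwards is not visible here.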