You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/08/22 20:06:00 UTC

[jira] [Commented] (NIFI-10350) Registry User Actions not authorized with OpenID Connect

    [ https://issues.apache.org/jira/browse/NIFI-10350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583177#comment-17583177 ] 

ASF subversion and git services commented on NIFI-10350:
--------------------------------------------------------

Commit 6bfc798515635fcf3ea2ba6e2ad29e8383556901 in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6bfc798515 ]

NIFI-10350 Corrected Registry User Authorization for OIDC

- Moved refresh of Registry Configuration to checkLogin functions
- Refreshing Registry Configuration allows the user interface to reflect the correct status for OIDC and other authentication strategies

Signed-off-by: Nathan Gough <th...@gmail.com>

This closes #6295.


> Registry User Actions not authorized with OpenID Connect
> --------------------------------------------------------
>
>                 Key: NIFI-10350
>                 URL: https://issues.apache.org/jira/browse/NIFI-10350
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.16.0, 1.17.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> NiFi Registry users that should be authorized to add users and change policies are unable to make changes through the user interface after authenticating with OpenID Connect.
> From a new installation of NiFI Registry integrated with an OpenID Connect provider, the {{Add User}} button is disabled for the {{Initial Admin Identity}} configured in the {{file-access-policy-provider}} properties.
> Evaluating HTTP requests and responses, NiFi Registry makes an initial request to {{/nifi-registry-api/config}} and receives an HTTP 401 Unauthorized response for the unauthenticated anonymous user. After selecting {{Login}} and authenticating with the OpenID Connect provider, the {{Add User}} button remains disabled.
> The problem is that the user interface does not refresh the Registry Configuration after a successful OIDC login. The Registry Configuration indicates whether the Registry Authorizer is configurable, which controls whether the {{Add User}} button is disabled. Authentication with username and password credentials using Kerberos or LDAP works based on a subsequent request to {{/nifi-registry-api/config}} after a successful login.
> The user interface should be modified to refresh the Registry Configuration following a successful OIDC login.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)