greyp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 0c0f7e87be NIFI-11004 Added documentation for OIDC groups claim
property
0c0f7e87be is described below
commit 0c0f7e87be4b2b51297fb4717335ca87f6089fae
Author: exceptionfactory <[email protected]>
AuthorDate: Thu Dec 22 11:46:09 2022 -0600
NIFI-11004 Added documentation for OIDC groups claim property
This closes #6802
Signed-off-by: Paul Grey <[email protected]>
---
nifi-docs/src/main/asciidoc/administration-guide.adoc | 3 +++
.../nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml | 1 +
.../nifi-resources/src/main/resources/conf/nifi.properties | 1 +
3 files changed, 5 insertions(+)
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc
b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 94f4f69c55..007a432d95 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -503,6 +503,9 @@ JSON Web Key (JWK) provided through the jwks_uri in the
metadata found at the di
|`nifi.security.user.oidc.additional.scopes` | Comma separated scopes that are
sent to OpenId Connect Provider in addition to `openid` and `email`.
|`nifi.security.user.oidc.claim.identifying.user` | Claim that identifies the
user to be logged in; default is `email`. May need to be requested via the
`nifi.security.user.oidc.additional.scopes` before usage.
|`nifi.security.user.oidc.fallback.claims.identifying.user` | Comma separated
possible fallback claims used to identify the user in case
`nifi.security.user.oidc.claim.identifying.user` claim is not present for the
login user.
+|`nifi.security.user.oidc.claim.groups` | Name of the ID token claim that
contains an array of group names of which the
+user is a member. Application groups must be supplied from a User Group
Provider with matching names in order for the
+authorization process to use ID token claim groups. The default value is
`groups`.
|`nifi.security.user.oidc.truststore.strategy` | If value is `NIFI`, use the
NiFi truststore when connecting to the OIDC service, otherwise if value is
`JDK` use Java's default `cacerts` truststore. The default value is `JDK`.
|==================================================================================================================================================
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
index e61077d5df..7940622098 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
@@ -171,6 +171,7 @@
<nifi.security.user.oidc.additional.scopes />
<nifi.security.user.oidc.claim.identifying.user />
<nifi.security.user.oidc.fallback.claims.identifying.user />
+
<nifi.security.user.oidc.claim.groups>groups</nifi.security.user.oidc.claim.groups>
<nifi.security.user.oidc.truststore.strategy>JDK</nifi.security.user.oidc.truststore.strategy>
<!-- nifi.properties: apache knox -->
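Review bot: The default added here is the non-empty value `groups`, while the neighbouring claim properties ship empty, so the group-claim lookup is presumably active out of the box; the code that reads the property is not part of this diff, so that should be confirmed. According to the guide text added in this commit, ID token groups are matched to User Group Provider groups by name alone, so whoever administers group names at the identity provider can affect NiFi authorization wherever the names coincide. I would record that beside the default, for example `<!-- ID token groups are matched by name to User Group Provider groups and affect authorization -->`, and have the guide state whether an empty value turns the lookup off. The same remark applies to the `nifi.security.user.oidc.claim.groups=` line added in the nifi.properties hunk.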
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
index 7b66af721b..9c61d1bc19 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
@@ -202,6 +202,7 @@
nifi.security.user.oidc.preferred.jwsalgorithm=${nifi.security.user.oidc.preferr
nifi.security.user.oidc.additional.scopes=${nifi.security.user.oidc.additional.scopes}
nifi.security.user.oidc.claim.identifying.user=${nifi.security.user.oidc.claim.identifying.user}
nifi.security.user.oidc.fallback.claims.identifying.user=${nifi.security.user.oidc.fallback.claims.identifying.user}
+nifi.security.user.oidc.claim.groups=${nifi.security.user.oidc.claim.groups}
nifi.security.user.oidc.truststore.strategy=${nifi.security.user.oidc.truststore.strategy}
# Apache Knox SSO Properties #