-1 non-binding. Verified release with successful build on Azul Zulu JDK 11.0.10 on Ubuntu 20.0.10. Verified sample flow with InvokeHTTP and ListenHTTP processors using multiple keystore types and TLS configuration options.
Unfortunately found bcprov-ext-jdk15on-1.60.jar together with bcprov-jdk15on-1.68.jar in nifi-framework-nar. The bcprov-ext-jdk15on-1.60.jar library is apparently a transitive dependency of spring-security-saml2-core through a library named com.narupley:not-going-to-be-commons-ssl. The Bouncy Castle libraries should be version 1.68 throughout the NiFi framework. The bcprov-ext-jdk15on library contains the same classes as bcprov-jdk15on plus a handful of additional classes for infrequently used algorithms. The presence of both versions did not appear to cause problems during initial tests, but it could cause unexpected behavior at runtime depending on which version gets loaded. If the Spring Security SAML2 library requires the algorithms present in bcprov-ext-jdk15on, it will probably be necessary to change dependencies in NiFi to replace references to bcprov-jdk15on with bcprov-ext-jdk15on to ensure a consistent version and avoid duplication. Regards, David Handermann On Fri, Jan 29, 2021 at 5:33 PM M Tien <mtien.apa...@gmail.com> wrote: > +1 non-binding. > > Went through the release guide > Verified a full build on JDK 1.8.0_275 and JDK 11.0.5 > Verified a secure instance of NiFi > Verified I was able to authenticate with OIDC using Google, Okta, and > Azure and I can successfully log out and invalidate the JWT. > > - Margot
