[
https://issues.apache.org/jira/browse/NIFI-7765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17186570#comment-17186570
]
W Chang commented on NIFI-7765:
-------------------------------
Thanks for your reply.
As for configuration, a user is configured in authorizers.xml using the format
shown below.
[email protected] is replaced with a real
user email address. The OIDC server requires the email address format for a user
identifier.
{code:java}
<userGroupProvider>
...
<property name="Initial User Identity 1">[email protected]</property>
...
<accessPolicyProvider>
...
<property name="Initial Admin Identity">[email protected]</property>
...
{code}
The user can log in to the NiFi GUI using OIDC successfully.
The CLI command used looks like the one shown below:
{code:java}
#> nifi list-param-contexts -u https://<server1.company.com>:9443 -ts /opt/certs/truststore.jks -tsp <truststore_password> -tst jks -ks /opt/certs/client_cert.p12 -kp <client_cert_password> -kst pkcs12
{code}
truststore.jks has the company CA certificate and client_cert.p12 is provided
by the company.
> Toolkit CLI OpenID Connect Support
> ----------------------------------
>
> Key: NIFI-7765
> URL: https://issues.apache.org/jira/browse/NIFI-7765
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.11.4
> Environment: CentOS Linux 7
> Reporter: W Chang
> Priority: Major
> Labels: Authentication, CLI, Connect, OIDC, OpenID
>
> When a NiFi or a Registry instance is configured for OpenID Connect
> authentication, a user cannot authenticate to the secure NiFi or the secure
> Registry using Toolkit CLI to use CLI commands.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)