[ https://issues.apache.org/jira/browse/NIFI-7765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17188839#comment-17188839 ]

W Chang commented on NIFI-7765:
-------------------------------

I tested the client_cert.p12 file using curl, and it could establish an SSL 
connection.  However, nifi cli authentication using the user certificate does 
not work.

So, I also tried the "Proxied Entity" method.  To do that, I added "clientAuth" to 
"Extended Key Usage" and got the server certificate certified by my company.
{code:java}
extendedKeyUsage = serverAuth, clientAuth
{code}
However, when nifi was started using the new certificate, nifi did not use OIDC 
for authentication and used my computer certificate automatically.  So I had to 
add the owner of the certificate to the nifi user list and make it the admin 
to log in to the nifi UI.

Then I added the owner of the server certificate to the nifi user list, and 
"Access the controller" and "Proxy user request" policies.  After the 
configuration, the cli authentication using "Proxied Entity" works.

The current issue with this approach is that authentication using OIDC does not 
work.   Would you have any ideas on this issue?  Thanks.

 

> Toolkit CLI OpenID Connect Support
> ----------------------------------
>
>                 Key: NIFI-7765
>                 URL: https://issues.apache.org/jira/browse/NIFI-7765
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.11.4
>         Environment: CentOS Linux 7
>            Reporter: W Chang
>            Priority: Major
>              Labels: Authentication, CLI, Connect, OIDC, OpenID
>
> When a NiFi or a Registry instance is configured for OpenID Connect 
> authentication, a user cannot authenticate to the secure NiFi or the secure 
> Registry using Toolkit CLI to use CLI commands.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
