bbende commented on pull request #4614:
URL: https://github.com/apache/nifi/pull/4614#issuecomment-721184741
@mcgilman @thenatog added some additional commits to address some of the
review feedback and improve a few things I ran into while testing, here is a
summary of the changes...
- Refactored some of the DB operations to have "replace" methods instead of
calling "delete" and "create" in separate transactions where one could succeed
and the second could fail
- Added properties for configuring the values of `AuthnRequestsSigned` and
`WantAssertionsSigned` for the service provider metadata that is generated for
nifi at /nifi-api/access/saml/metadata
```
nifi.security.user.saml.request.signing.enabled=false
nifi.security.user.saml.want.assertions.signed=true
```
- Remove the property for specifying the signing key alias, it now inspects
the keystore and finds the private key entry and gets the alias automatically,
if more than one private key entry exists then an exception is thrown (nifi
already assumes a single private key in the keystore)
- Added a property for specifying an attribute to obtain the user identity
from, if an attribute is not specified or if the attribute is not found in the
response, then the Subject NameID is used by default
`nifi.security.user.saml.identity.attribute.name=`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
