[
https://issues.apache.org/jira/browse/NIFI-7924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17260831#comment-17260831
]
ASF subversion and git services commented on NIFI-7924:
-------------------------------------------------------
Commit f330078fffd39feeb2b289f7e9de5113f9c78bb4 in nifi's branch
refs/heads/main from sjyang18
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f330078 ]
NIFI-7924 Add fallback claims for identifying user to OIDC provider
This closes #4630
Signed-off-by: Joey Frazee <[email protected]>
> Fallback claim(s) support in OIDC based authentication
> ------------------------------------------------------
>
> Key: NIFI-7924
> URL: https://issues.apache.org/jira/browse/NIFI-7924
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.12.1
> Reporter: Seokwon Yang
> Assignee: Seokwon Yang
> Priority: Minor
> Time Spent: 3h 40m
> Remaining Estimate: 0h
>
> Currently, 'nifi.security.user.oidc.claim.identifying.user' NiFi
> configuration sets only one claim to bind ID token to username. There are
> corner-case where fallback claim should search in case the configured claim
> is not found in ID token.
> For example, not all user directory objects has email address in Azure
> Activity Directory
> ([https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#email]).
> We need a fallback claim support so that when there is no email address
> claim available for a user, the OIDC identity provider should pick up
> fallback claim(s) for the user name. For other users with emails, it should
> continue to use the configured claim to set user name.
>
> I will introduce 'nifi.security.user.oidc.fallback.claims.identifying.user'
> in NiFi properties and implement the fallback logic .
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
