[ https://issues.apache.org/jira/browse/NIFI-8056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17350961#comment-17350961 ]

Ramani J commented on NIFI-8056:
--------------------------------

Here are the changes required to support OpenID integration in a proxy-based
environment.

1)\nifi-1.12.1\nifi-nar-bundles\nifi-framework-bundle\pom.xml

<dependency>
 <groupId>com.nimbusds</groupId>
 <artifactId>oauth2-oidc-sdk</artifactId>
 <version>8.27</version>
</dependency>


2) nifi-1.12.1\nifi-nar-bundles\nifi-framework-bundle\nifi-framework\nifi-web\nifi-web-security\src\main\java\org\apache\nifi\web\security\oidc\StandardOidcIdentityProvider.java

Modify the below method:

private OIDCProviderMetadata retrieveOidcProviderMetadata(final String discoveryUri) throws IOException, ParseException {
    final URL url = new URL(discoveryUri);
    final HTTPRequest httpRequest = new HTTPRequest(HTTPRequest.Method.GET, url);
    httpRequest.setConnectTimeout(oidcConnectTimeout);
    httpRequest.setReadTimeout(oidcReadTimeout);

    // Requires imports: java.net.InetSocketAddress, java.net.Proxy, java.net.SocketAddress.
    // Describe the proxy by address only; no connection to the proxy is opened here.
    final SocketAddress proxyAddress = new InetSocketAddress("<<PROXY_HOST>>", 8000);
    httpRequest.setProxy(new Proxy(Proxy.Type.HTTP, proxyAddress));
    final HTTPResponse httpResponse = httpRequest.send();

    if (httpResponse.getStatusCode() != 200) {
        throw new IOException("Unable to download OpenId Connect Provider metadata from " + url
                + ": Status code " + httpResponse.getStatusCode());
    }

    // Parse the discovery document returned by the provider.
    final JSONObject jsonObject = httpResponse.getContentAsJSONObject();
    return OIDCProviderMetadata.parse(jsonObject);
}

 

Here the proxy and port need to be modified to be read from the nifi properties file.
Add a condition: if it is a proxy-based environment, then use the proxy; else go without
the proxy.

 

3) Create an equivalent test class.

 

Could you please take this up, implement the same, check in, test and release?

> openid integration with nifi is not working (in proxy environment)
> ------------------------------------------------------------------
>
>                 Key: NIFI-8056
>                 URL: https://issues.apache.org/jira/browse/NIFI-8056
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.12.1
>         Environment: nifi 1.12.1 with open id (with proxy)
>            Reporter: Ramani J
>            Priority: Critical
>
> setup nifi 1.12.1
> configure open id integration
> start the server after the openid configuration, it will not start and throw, 
> connection time out error
> 2020-11-25 18:21:49,047 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@dd0c991{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
> 2020-11-25 18:21:49,047 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@dd0c991{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
> 2020-11-25 18:21:49,047 INFO [main] org.eclipse.jetty.server.Server Started @172112ms
> 2020-11-25 18:21:49,054 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oidcService' defined in class path resource [nifi-web-security-context.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.nifi.web.security.oidc.OidcService]: Constructor threw exception; nested exception is java.lang.RuntimeException: Unable to retrieve OpenId Connect Provider metadata from: https://accounts.google.com/.well-known/openid-configuration
>     at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:279)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
>     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
>     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
>     at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
>     at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
>     at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
>     at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:930)
>     at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:553)
>     at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:889)
>     at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
>     at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1445)
>     at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409)
>     at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:822)
>     at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
>     at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:425)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.server.Server.start(Server.java:407)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at org.eclipse.jetty.server.Server.doStart(Server.java:371)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1052)
>     at org.apache.nifi.NiFi.<init>(NiFi.java:158)
>     at org.apache.nifi.NiFi.<init>(NiFi.java:72)
>     at org.apache.nifi.NiFi.main(NiFi.java:301)
> Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.nifi.web.security.oidc.OidcService]: Constructor threw exception; nested exception is java.lang.RuntimeException: Unable to retrieve OpenId Connect Provider metadata from: https://accounts.google.com/.well-known/openid-configuration
>     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:154)
>     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:122)
>     at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:271)
>     ... 51 common frames omitted
> Caused by: java.lang.RuntimeException: Unable to retrieve OpenId Connect Provider metadata from: https://accounts.google.com/.well-known/openid-configuration
>     at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.initializeProvider(StandardOidcIdentityProvider.java:119)
>     at org.apache.nifi.web.security.oidc.OidcService.<init>(OidcService.java:68)
>     at org.apache.nifi.web.security.oidc.OidcService.<init>(OidcService.java:51)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
>     at java.lang.reflect.Constructor.newInstance(Unknown Source)
>     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142)
>     ... 53 common frames omitted
> Caused by: java.net.SocketTimeoutException: connect timed out
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
>     at java.lang.reflect.Constructor.newInstance(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>     at java.net.HttpURLConnection.getResponseCode(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
>     at com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:901)
>     at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.retrieveOidcProviderMetadata(StandardOidcIdentityProvider.java:245)
>     at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.initializeProvider(StandardOidcIdentityProvider.java:117)
>     ... 60 common frames omitted
> Caused by: java.net.SocketTimeoutException: connect timed out
>     at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
>     at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
>     at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
>     at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
>     at java.net.PlainSocketImpl.connect(Unknown Source)
>     at java.net.SocksSocketImpl.connect(Unknown Source)
>     at java.net.Socket.connect(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
>     at sun.net.NetworkClient.doConnect(Unknown Source)
>     at sun.net.www.http.HttpClient.openServer(Unknown Source)
>     at sun.net.www.http.HttpClient.openServer(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
>     at com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:890)
>     ... 62 common frames omitted
> 2020-11-25 18:21:49,059 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
> 2020-11-25 18:21:49,069 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@dd0c991{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
> 2020-11-25 18:21:49,070 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
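
Added example, not part of the original comment and not NiFi's own code: one way to make the proxy conditional and property-driven, as the comment above requests. The property names `nifi.security.user.oidc.proxy.host` and `nifi.security.user.oidc.proxy.port` and the class `OidcProxyConfig` are hypothetical; a half-configured proxy fails at startup instead of silently connecting directly.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.util.Properties;

public class OidcProxyConfig {
    // Hypothetical property names, invented for this example; not NiFi's own keys.
    static final String PROXY_HOST = "nifi.security.user.oidc.proxy.host";
    static final String PROXY_PORT = "nifi.security.user.oidc.proxy.port";

    /** Returns the proxy for the discovery request, or Proxy.NO_PROXY when none is configured. */
    static Proxy resolveProxy(final Properties props) {
        final String host = trimToNull(props.getProperty(PROXY_HOST));
        final String portText = trimToNull(props.getProperty(PROXY_PORT));
        if (host == null && portText == null) {
            return Proxy.NO_PROXY; // non-proxy environment: connect directly
        }
        if (host == null || portText == null) {
            // Half-configured: refuse to start rather than silently bypass the proxy.
            throw new IllegalArgumentException("Both " + PROXY_HOST + " and " + PROXY_PORT + " must be set");
        }
        final int port;
        try {
            port = Integer.parseInt(portText);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Invalid proxy port: " + portText, e);
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("Proxy port out of range: " + port);
        }
        // createUnresolved records host and port without a DNS lookup or a connection.
        return new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port));
    }

    private static String trimToNull(final String s) {
        return (s == null || s.trim().isEmpty()) ? null : s.trim();
    }

    public static void main(String[] args) {
        final Properties direct = new Properties();  // constructed sample: no proxy keys set
        System.out.println(resolveProxy(direct));

        final Properties proxied = new Properties(); // constructed sample values
        proxied.setProperty(PROXY_HOST, "proxy.example.internal");
        proxied.setProperty(PROXY_PORT, "8000");
        System.out.println(resolveProxy(proxied));
    }
}
```

The returned `Proxy` can be passed to `httpRequest.setProxy(...)` unconditionally only if the SDK accepts `Proxy.NO_PROXY`; otherwise skip the call when `resolveProxy` returns `Proxy.NO_PROXY`.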
