[jira] [Created] (NIFI-9510) Use OpenId with the new User Login Identity Provider feature

Tue, 21 Dec 2021 08:17:55 -0800 

Baptiste Moisson created NIFI-9510:
--------------------------------------

             Summary: Use OpenId with the new User Login Identity Provider 
feature
                 Key: NIFI-9510
                 URL: https://issues.apache.org/jira/browse/NIFI-9510
             Project: Apache NiFi
          Issue Type: Bug
    Affects Versions: 1.15.1
            Reporter: Baptiste Moisson


When I try to upgrade my version from 1.13.2 to 1.15.1 due to the log4j issue, 
I have got an issue with my authentication. 

I noticed on the migration guide that the following configuration is now set as 
default : 


{code:java}
nifi.security.user.login.identity.provider=single-user-provider {code}

and the connexion is now secure by default too. 

If I try to start Nifi with my OpenId parameters and with this default 
parameter, the following stack appear : 


{code:java}
Caused by: java.lang.RuntimeException: OpenId Connect support cannot be enabled 
if the Login Identity Provider or Apache Knox SSO is configured.
        at 
org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.validateOIDCConfiguration(StandardOidcIdentityProvider.java:199)
        at 
(...){code}

The documentation say this : 


|{{nifi.security.user.login.identity.provider}}|This indicates what type of 
login identity provider to use. The {*}+default value is blank+{*}, can be set 
to the identifier from a provider in the file specified in 
{{{}nifi.login.identity.provider.configuration.file{}}}. Setting this property 
will trigger NiFi to support username/password authentication.|


So I putted the properties like this : 


{code:java}
nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
nifi.security.user.login.identity.provider= {code}

with a blank value. 

Then I have got the following stack 
 
{code:java}
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: 
SingleUserAuthorizer requires 
org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider to 
be configured
        at 
org.apache.nifi.authorization.single.user.SingleUserAuthorizer.initialize(SingleUserAuthorizer.java:91)
        at 
org.apache.nifi.authorization.AuthorizerFactoryBean.createAuthorizer(AuthorizerFactoryBean.java:369)
        at 
org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:159)
        at org.springframework.beans.fa {code}

I think this is an issue because we can't left the 
nifi.security.user.login.identity.provider blank, but If we don't, we can't use 
the openId authentication.



 

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to