[
https://issues.apache.org/jira/browse/NIFI-9510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463342#comment-17463342
]
Pierre Villard edited comment on NIFI-9510 at 12/21/21, 4:26 PM:
-----------------------------------------------------------------
The problem is at the authorizer level, not the login identity provider.
By default, we use the single-user-provider for the identity provider, and the
single-user-authorizer for the authorizer.
You'd need to change the authorizers.xml file with what you want and make sure
to update the below property in nifi.properties configuration file:
{code:java}
nifi.security.user.authorizer
{code}
(you're likely willing to use something like the managed-authorizer)
was (Author: pvillard):
The problem is at the authorizer level, not the login identity provider.
By default, we use the single-user-provider for the identity provider, and the
single-user-authorizer for the authorizer.
You'd need to change the authorizers.xml file with what you want and make sure
to update:
{code:java}
nifi.security.user.authorizer
{code}
> Use OpenId with the new User Login Identity Provider feature
> ------------------------------------------------------------
>
> Key: NIFI-9510
> URL: https://issues.apache.org/jira/browse/NIFI-9510
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.15.1
> Reporter: Baptiste Moisson
> Priority: Major
>
> When I try to upgrade my version from 1.13.2 to 1.15.1 due to the log4j
> issue, I have got an issue with my authentication.
> I noticed in the migration guide that the following configuration is now set
> as default:
> {code:java}
> nifi.security.user.login.identity.provider=single-user-provider
> {code}
> and the connection is now secure by default too.
> If I try to start NiFi with my OpenId parameters and with this default
> parameter, the following stack appears:
> {code:java}
> Caused by: java.lang.RuntimeException: OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.
>     at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.validateOIDCConfiguration(StandardOidcIdentityProvider.java:199)
>     at (...)
> {code}
> The documentation says this:
> |{{nifi.security.user.login.identity.provider}}|This indicates what type of
> login identity provider to use. The {*}+default value is blank+{*}, can be
> set to the identifier from a provider in the file specified in
> {{{}nifi.login.identity.provider.configuration.file{}}}. Setting this
> property will trigger NiFi to support username/password authentication.|
> So I put the properties like this:
> {code:java}
> nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
> nifi.security.user.login.identity.provider=
> {code}
> with a blank value.
> Then I have got the following stack
>
> {code:java}
> Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: SingleUserAuthorizer requires org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider to be configured
>     at org.apache.nifi.authorization.single.user.SingleUserAuthorizer.initialize(SingleUserAuthorizer.java:91)
>     at org.apache.nifi.authorization.AuthorizerFactoryBean.createAuthorizer(AuthorizerFactoryBean.java:369)
>     at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:159)
>     at org.springframework.beans.fa
> {code}
> I think this is an issue because we can't leave the
> nifi.security.user.login.identity.provider blank, but if we don't, we can't
> use the openId authentication.
>
>
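The two startup failures in this thread can be caught before NiFi is started by checking nifi.properties for the same conflicts. The sketch below is an added example, not part of the original messages and not NiFi project code; the finding names and sample property files are constructed, and `nifi.security.user.oidc.discovery.url` and `nifi.security.knox.url` are NiFi property names assumed here because the page does not quote them.

```python
# Added example: lint nifi.properties text for the two startup conflicts in this thread.
LOGIN = "nifi.security.user.login.identity.provider"
AUTHZ = "nifi.security.user.authorizer"
# Assumption: real NiFi property names that are not quoted on this page.
OIDC_URL = "nifi.security.user.oidc.discovery.url"
KNOX_URL = "nifi.security.knox.url"


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_auth_config(text):
    """Return finding names (hypothetical labels); an empty list means no conflict."""
    p = parse_properties(text)
    login = p.get(LOGIN, "")
    findings = []
    if p.get(OIDC_URL):
        # First stack trace: OIDC cannot coexist with a login identity provider or Knox.
        if login:
            findings.append("oidc-with-login-identity-provider")
        if p.get(KNOX_URL):
            findings.append("oidc-with-knox-sso")
    # Second stack trace: SingleUserAuthorizer requires SingleUserLoginIdentityProvider.
    if p.get(AUTHZ) == "single-user-authorizer" and login != "single-user-provider":
        findings.append("single-user-authorizer-without-single-user-provider")
    return findings


# Constructed samples; the discovery URL is a placeholder.
_OIDC = OIDC_URL + "=https://idp.example.com/.well-known/openid-configuration\n"
DEFAULTS_PLUS_OIDC = _OIDC + LOGIN + "=single-user-provider\n" + AUTHZ + "=single-user-authorizer\n"
BLANK_PROVIDER_ONLY = _OIDC + LOGIN + "=\n" + AUTHZ + "=single-user-authorizer\n"
AUTHORIZER_CHANGED = _OIDC + LOGIN + "=\n" + AUTHZ + "=managed-authorizer\n"

if __name__ == "__main__":
    for name in ("DEFAULTS_PLUS_OIDC", "BLANK_PROVIDER_ONLY", "AUTHORIZER_CHANGED"):
        print(name, check_auth_config(globals()[name]))
```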