David Handermann created NIFI-10350:
---------------------------------------
Summary: Registry User Actions not authorized with OpenID Connect
Key: NIFI-10350
URL: https://issues.apache.org/jira/browse/NIFI-10350
Project: Apache NiFi
Issue Type: Bug
Components: NiFi Registry
Affects Versions: 1.17.0, 1.16.0
Reporter: David Handermann
Assignee: David Handermann

NiFi Registry users that should be authorized to add users and change policies
are unable to make changes through the user interface after authenticating with
OpenID Connect.

From a new installation of NiFi Registry integrated with an OpenID Connect
provider, the {{Add User}} button is disabled for the {{Initial Admin
Identity}} configured in the {{file-access-policy-provider}} properties.

Evaluating HTTP requests and responses, NiFi Registry makes an initial request
to {{/nifi-registry-api/config}} and receives an HTTP 401 Unauthorized response
for the unauthenticated anonymous user. After selecting {{Login}} and
authenticating with the OpenID Connect provider, the {{Add User}} button
remains disabled.

The problem is that the user interface does not refresh the Registry
Configuration after a successful OIDC login. The Registry Configuration
indicates whether the Registry Authorizer is configurable, which controls
whether the {{Add User}} button is disabled. Authentication with username and
password credentials using Kerberos or LDAP works based on a subsequent request
to {{/nifi-registry-api/config}} after a successful login.

The user interface should be modified to refresh the Registry Configuration
following a successful OIDC login.
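
The stale-configuration behaviour described in this issue, modelled as an added example: it is constructed for illustration and is not NiFi Registry source code. The class, the function names and the `authorizerConfigurable` field are hypothetical; only the `/nifi-registry-api/config` path and the 401 response come from the report.

```javascript
// Constructed model of the client state; not NiFi Registry source code.
// `authorizerConfigurable` and every name below are hypothetical.

// Stub for GET /nifi-registry-api/config (synchronous for brevity):
// 401 for the anonymous user, a configuration body once authenticated.
function makeApi() {
  const session = { authenticated: false };
  return {
    session,
    getConfig() {
      return session.authenticated
        ? { status: 200, body: { authorizerConfigurable: true } }
        : { status: 401, body: null };
    },
  };
}

class RegistryClient {
  constructor(api) {
    this.api = api;
    this.config = {}; // stays empty until a config request succeeds
  }
  loadConfig() {
    const res = this.api.getConfig();
    this.config = res.status === 200 ? res.body : {};
    return res.status;
  }
  // Kerberos/LDAP path: config is requested again after login.
  loginWithCredentials() {
    this.api.session.authenticated = true;
    this.loadConfig();
  }
  // OIDC path: refreshConfig=false reproduces the reported behaviour.
  completeOidcLogin(refreshConfig) {
    this.api.session.authenticated = true;
    if (refreshConfig) this.loadConfig();
  }
  addUserDisabled() {
    return this.config.authorizerConfigurable !== true;
  }
}

// Anonymous page load first, then the chosen login path.
function simulate(login) {
  const client = new RegistryClient(makeApi());
  const initialStatus = client.loadConfig();
  login(client);
  return { initialStatus, addUserDisabled: client.addUserDisabled() };
}
```

Calling `simulate(c => c.completeOidcLogin(false))` leaves the button disabled even though the session is authenticated, while passing `true` or using `loginWithCredentials()` enables it.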