[jira] [Commented] (NIFI-10350) Registry User Actions not authorized with OpenID Connect

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/NIFI-10350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583177#comment-17583177
 ] 

ASF subversion and git services commented on NIFI-10350:
--------------------------------------------------------

Commit 6bfc798515635fcf3ea2ba6e2ad29e8383556901 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6bfc798515 ]

NIFI-10350 Corrected Registry User Authorization for OIDC

- Moved refresh of Registry Configuration to checkLogin functions
- Refreshing Registry Configuration allows the user interface to reflect the 
correct status for OIDC and other authentication strategies

Signed-off-by: Nathan Gough <thena...@gmail.com>

This closes #6295.


> Registry User Actions not authorized with OpenID Connect
> --------------------------------------------------------
>
>                 Key: NIFI-10350
>                 URL: https://issues.apache.org/jira/browse/NIFI-10350
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.16.0, 1.17.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> NiFi Registry users that should be authorized to add users and change 
> policies are unable to make changes through the user interface after 
> authenticating with OpenID Connect.
> From a new installation of NiFI Registry integrated with an OpenID Connect 
> provider, the {{Add User}} button is disabled for the {{Initial Admin 
> Identity}} configured in the {{file-access-policy-provider}} properties.
> Evaluating HTTP requests and responses, NiFi Registry makes an initial 
> request to {{/nifi-registry-api/config}} and receives an HTTP 401 
> Unauthorized response for the unauthenticated anonymous user. After selecting 
> {{Login}} and authenticating with the OpenID Connect provider, the {{Add 
> User}} button remains disabled.
> The problem is that the user interface does not refresh the Registry 
> Configuration after a successful OIDC login. The Registry Configuration 
> indicates whether the Registry Authorizer is configurable, which controls 
> whether the {{Add User}} button is disabled. Authentication with username and 
> password credentials using Kerberos or LDAP works based on a subsequent 
> request to {{/nifi-registry-api/config}} after a successful login.
> The user interface should be modified to refresh the Registry Configuration 
> following a successful OIDC login.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)