[jira] [Updated] (NIFI-10350) Registry User Actions not authorized with OpenID Connect

Mon, 22 Aug 2022 13:15:20 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-10350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nathan Gough updated NIFI-10350:
--------------------------------
    Fix Version/s: 1.18.0
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Registry User Actions not authorized with OpenID Connect
> --------------------------------------------------------
>
>                 Key: NIFI-10350
>                 URL: https://issues.apache.org/jira/browse/NIFI-10350
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.16.0, 1.17.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 1.18.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> NiFi Registry users that should be authorized to add users and change 
> policies are unable to make changes through the user interface after 
> authenticating with OpenID Connect.
> From a new installation of NiFI Registry integrated with an OpenID Connect 
> provider, the {{Add User}} button is disabled for the {{Initial Admin 
> Identity}} configured in the {{file-access-policy-provider}} properties.
> Evaluating HTTP requests and responses, NiFi Registry makes an initial 
> request to {{/nifi-registry-api/config}} and receives an HTTP 401 
> Unauthorized response for the unauthenticated anonymous user. After selecting 
> {{Login}} and authenticating with the OpenID Connect provider, the {{Add 
> User}} button remains disabled.
> The problem is that the user interface does not refresh the Registry 
> Configuration after a successful OIDC login. The Registry Configuration 
> indicates whether the Registry Authorizer is configurable, which controls 
> whether the {{Add User}} button is disabled. Authentication with username and 
> password credentials using Kerberos or LDAP works based on a subsequent 
> request to {{/nifi-registry-api/config}} after a successful login.
> The user interface should be modified to refresh the Registry Configuration 
> following a successful OIDC login.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to