[
https://issues.apache.org/jira/browse/NIFI-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598453#comment-17598453
]
David Handermann commented on NIFI-10415:
-----------------------------------------
Client certificate authentication does not involve the same session processing,
so it makes sense that it would work, even when SAML authentication does not
work.

The initial issue description mentions accessing NiFi through a proxy. Have you
configured the proxy-related settings in nifi.properties to reflect the proxy
host address and context path?

The SAML process uses a temporary cookie that is associated with the host
address and path used to access NiFi in the browser. For this reason, the
initial URL used to access NiFi, and the redirect from Okta, need to be exactly
the same, otherwise the browser will not send the cookie. That sounds like what
is happening based on the error.

> SAML Login Sequence Fails
> -------------------------
>
> Key: NIFI-10415
> URL: https://issues.apache.org/jira/browse/NIFI-10415
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.16.3
> Environment: RHEL OS. Proxied Environment
> Reporter: Greg Biddy
> Assignee: David Handermann
> Priority: Major
> Labels: SAML
> Attachments: auth_cookies.PNG
>
>
> Hello,
> I am attempting to configure a NiFi cluster to authenticate via Okta using
> SAML. I am in a proxied environment. When I navigate to NiFi via Okta, I
> receive the following error in the UI:
> Unable to continue login sequence
> The login request identifier was not found in the request. Unable to continue.
>
> I have configured the nifi.security.user.saml.idp.metadata.url property to
> reference a local file containing the metadata since NiFi cannot communicate
> with the IDP through the Proxy.
> Please verify if NiFi's SAML integration will work in a proxied environment.
>
> Thanks,
> Greg
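The cookie scoping described in the comment above, as an added example that is not part of the original message or of NiFi's code: it applies the RFC 6265 host and path matching rules to decide whether a browser would return a cookie set on the initial URL when it follows the identity provider's redirect. The host names, paths and the assumption that the cookie is host-only and marked Secure are constructed for illustration.

```python
from urllib.parse import urlsplit


def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match."""
    request_path = request_path or "/"
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/nifi" covers "/nifi/login" but not "/nifi-api/login".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_would_be_sent(initial_url, cookie_path, redirect_url):
    """Return (sent, reasons) for a cookie set while loading initial_url.

    Assumption: the cookie is host-only (no Domain attribute) and Secure,
    so the redirect must use the identical host name over https.
    """
    first, second = urlsplit(initial_url), urlsplit(redirect_url)
    reasons = []
    if first.hostname != second.hostname:  # urlsplit lowercases host names
        reasons.append(f"host differs: {first.hostname} vs {second.hostname}")
    if second.scheme != "https":
        reasons.append("redirect is not https, Secure cookie is withheld")
    if not path_matches(cookie_path, second.path):
        reasons.append(f"path {second.path!r} is outside cookie path {cookie_path!r}")
    return (not reasons, reasons)


# Constructed sample values: a proxy address with a context path, and two
# candidate redirect targets as they might be registered at the IdP.
INITIAL = "https://nifi.example.com/nifi-proxy/nifi/"
COOKIE_PATH = "/nifi-proxy"
VIA_PROXY = "https://nifi.example.com/nifi-proxy/nifi-api/access/saml/login/consumer"
DIRECT_NODE = "https://nifi-node1.internal:8443/nifi-api/access/saml/login/consumer"

if __name__ == "__main__":
    for target in (VIA_PROXY, DIRECT_NODE):
        sent, reasons = cookie_would_be_sent(INITIAL, COOKIE_PATH, target)
        print(target, "->", "cookie sent" if sent else "cookie NOT sent")
        for reason in reasons:
            print("   ", reason)
```
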