[jira] [Commented] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore

ASF subversion and git services (Jira) Fri, 31 Mar 2023 16:30:05 -0700


    [ 
https://issues.apache.org/jira/browse/NIFI-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707444#comment-17707444
 ]


ASF subversion and git services commented on NIFI-11370:
--------------------------------------------------------

Commit fbbb8046df3793eb21789a68f302637a64fde488 in nifi's branch 
refs/heads/support/nifi-1.x from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=fbbb8046df ]

NIFI-11370 Corrected JWK Set retrieval for NIFI Trust Strategy (#7108)

- Added StandardOidcIdTokenDecoderFactory based on Spring Security 
OidcIdTokenDecoderFactory with custom REST Operations

Merged #7108 into main.

(cherry picked from commit e4f0508c90f7f354b4210dd80f3dbed5b3254bcd)


> Unable to connect to OIDC service using NiFi truststore
> -------------------------------------------------------
>
>                 Key: NIFI-11370
>                 URL: https://issues.apache.org/jira/browse/NIFI-11370
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>         Environment: NiFi 1.21.0 branch support/nifi-1.x commit 
> 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build 
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>            Reporter: macdoor615
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 2.0.0, 1.21.0
>
>         Attachments: invalid_id_token.png
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> My NiFi 1.20 servers are all using NiFi truststore when connecting to the 
> OIDC service. 
> I set nifi.security.user.oidc.truststore.strategy in nifi.properties.
>  
> {code:java}
> nifi.security.user.oidc.truststore.strategy=NIFI{code}
>  
> I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0. 
> and got this error
> !invalid_id_token.png|width=1129,height=162!
> I delete nifi.security.user.oidc.truststore.strategy property in 
> nifi.properties, import certifacate into {{cacerts,}} and use Java’s default 
> {{cacerts}} truststore. Then I can log in webui properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore

Reply via email to