David Handermann created NIFI-11735:
---------------------------------------
Summary: Refactor Identity Provider Group Transfer to Bearer Token
Key: NIFI-11735
URL: https://issues.apache.org/jira/browse/NIFI-11735
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Security
Reporter: David Handermann
Assignee: David Handermann
Fix For: 1.latest, 2.latest

SAML authentication introduced the concept of Identity User Groups and used a
local H2 database for persisting group membership as part of the Identity
Provider authentication process. Updates to OIDC authentication also added
support for supplying group membership from the Identity Provider.

Following implementation refactoring for both SAML and OIDC, the application
Bearer Token generation and signing process has been streamlined. The
streamlined approach allows the framework to pass the Identity Provider groups
directly to the Bearer Token Provider, obviating the need for H2 database
persistence.

The integration approach should be refactored to remove the Identity Provider
User Group persistence in H2, and instead pass the provider group membership
through the application Bearer Token.
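
Added example, not part of the issue and not NiFi code: a minimal sketch of carrying Identity Provider groups inside a signed bearer token, so the receiving side reads group membership from the verified token instead of a database row. The HS256 algorithm, the "groups" claim name, the function names and the sample key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, identity: str, groups, ttl: int = 3600, now=None) -> str:
    """Sign a token whose claims carry the groups reported by the provider."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": identity, "groups": sorted(set(groups)),
              "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64e(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64e(sig)

def read_groups(key: bytes, token: str, now=None) -> list:
    """Return groups only after signature, algorithm and expiry checks pass."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Verify integrity before parsing anything the client controls.
        if not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("signature mismatch")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
        if header["alg"] != "HS256" or claims["exp"] <= now:
            raise ValueError("unexpected algorithm or expired token")
        return list(claims["groups"])
    except (KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    token = issue_token(demo_key, "alice", ["ops", "admins"])
    print(read_groups(demo_key, token))
```

Because the groups now drive authorization straight from the token, group changes at the Identity Provider take effect only when a new token is issued, so the token lifetime bounds how long stale membership is honored.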