[
https://issues.apache.org/jira/browse/NIFI-11735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-11735:
------------------------------------
Status: Patch Available (was: Open)
> Refactor Identity Provider Group Transfer to Bearer Token
> ---------------------------------------------------------
>
> Key: NIFI-11735
> URL: https://issues.apache.org/jira/browse/NIFI-11735
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.latest, 2.latest
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> SAML authentication introduced the concept of Identity User Groups and used a
> local H2 database for persisting group membership as part of the Identity
> Provider authentication process. Updates to OIDC authentication also added
> support for supplying group membership from the Identity Provider.
> Following implementation refactoring for both SAML and OIDC, the application
> Bearer Token generation and signing process has been streamlined. The
> streamlined approach allows the framework to pass the Identity Provider
> groups directly to the Bearer Token Provider, obviating the need for H2
> database persistence.
> The integration approach should be refactored to remove the Identity Provider
> User Group persistence in H2, and instead pass the provider group membership
> through the application Bearer Token.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
