[
https://issues.apache.org/jira/browse/NIFI-12202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17800983#comment-17800983
]
Alex Jackson commented on NIFI-12202:
-------------------------------------
Hi, apologies for the delay in update. I didn't get notified and I am
revisiting this topic again on my end...
Our SAML is done via ADFS.
What I notice when I monitor the network tab is that I initially get 401 for
current-user (this is expected as we do not know the user yet) then I am sent
to the login pageĀ nifi login page /nifi/login which is found and following
this I get consumer /nifi-api/saml2/authenticate/consumer which is also found,
after this i see my saml request adfs/ls/?SAMLRequest=... which is 200 and then
I am again at consumer 302 and then finally nifi with 200. It then lodas all
the elements it should css wise etc. and gets the regular 409 for kerberos
(makes sense as this is not configured) but on both expiration
nifi-api/access/token/expiration and current-user nifi-api/flow/current-user I
get a 401.
So what I see is the whole loop again to saml happens, same game, to then again
get 401 on current user...
I cannot load any screenshots for you as my company is very strict with
external internet access, this browser is in an isolated virtual machine that I
cannot copy data to or from.
I do not have this problem in 1.22 but as soon as I try 1.23.2 or 1.24 this
problem exists. I believe this is related to this change:
https://issues.apache.org/jira/browse/NIFI-11492
I cannot find anything else in the release notes that talks about SAML
otherwise...
I also do not see anything in nifi-app or nifi-user logs, not even me
attempting to make my request, the only requests are my technical user that
goes to the nifi-api/flow/metrics/prometheus endpoint.
> SAML Infinitely Redirects
> -------------------------
>
> Key: NIFI-12202
> URL: https://issues.apache.org/jira/browse/NIFI-12202
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.24.0, 1.23.1, 1.23.2
> Reporter: Alex Jackson
> Priority: Major
>
> We have SAML configured and when I updated from 1.20.0 to 1.23.1 (at the
> time) and just tried now 1.23.2 I see that SAML authentication takes place
> but I am infinitely redirected and eventually land on a nifi-api address. I
> havent got it deployed in this bad state anymore but I feel like there is an
> issue with SAML and it would be great if someone could look into it
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
