[ 
https://issues.apache.org/jira/browse/NIFI-12202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803842#comment-17803842
 ] 

David Handermann commented on NIFI-12202:
-----------------------------------------

Thanks for the additional details [~uxapj].

Does the NiFi deployment have a reverse proxy or load balancer in front? This 
can impact the properties of the Authorization Bearer Cookie if not 
configured correctly.

The referenced Jira issue does not appear to relate to this issue, but there 
could be other changes related to strict cookie handling that might apply to 
your situation.

In particular, if you look at the Set-Cookie response header from the NiFi API, 
it should include several attributes, including path and domain. These values 
must match in order for the browser to send the token back in a request Cookie 
header for subsequent authentication. When this works, there should be a Cookie 
request header containing __Secure-Authorization-Bearer on the request to 
nifi-api/flow/current-user. The fact that NiFi API returns an HTTP 401 makes it 
sound like the browser is not sending the cookie, resulting in the 
authentication loop.

> SAML Infinitely Redirects
> -------------------------
>
>                 Key: NIFI-12202
>                 URL: https://issues.apache.org/jira/browse/NIFI-12202
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.24.0, 1.23.1, 1.23.2
>            Reporter: Alex Jackson
>            Priority: Major
>
> We have SAML configured and when I updated from 1.20.0 to 1.23.1 (at the 
> time) and just tried now 1.23.2 I see that SAML authentication takes place 
> but I am infinitely redirected and eventually land on a nifi-api address. I 
> haven't got it deployed in this bad state anymore but I feel like there is an 
> issue with SAML and it would be great if someone could look into it



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
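
The cookie matching described in the comment above, as an added example that is not part of the original message and is not NiFi code: it applies the RFC 6265 domain and path rules, plus the `__Secure-` prefix rule, to one Set-Cookie header and lists why a browser would withhold the cookie. The function names, hostnames, the login path and the token value are constructed assumptions; SameSite and public-suffix checks are not modelled.

```javascript
// Added example: RFC 6265 domain/path matching for a single Set-Cookie header.
// Hostnames, the login path and the token value are constructed for illustration.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? true : a.slice(i + 1).trim();
  }
  return { name: eq < 0 ? "" : pair.slice(0, eq), attrs };
}

function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Reasons the browser would NOT send the cookie (empty array = cookie is sent).
// responseUrl is the URL as the browser saw it, i.e. the proxy's public address.
function cookieProblems(setCookie, responseUrl, requestUrl) {
  const { name, attrs } = parseSetCookie(setCookie);
  const from = new URL(responseUrl);
  const to = new URL(requestUrl);
  const problems = [];
  const secure = attrs.secure === true;
  if (name.startsWith("__Secure-") && !(secure && from.protocol === "https:")) {
    problems.push("__Secure- prefix needs Secure attribute and an https response");
  }
  if (secure && to.protocol !== "https:") problems.push("Secure cookie on non-https request");
  if (typeof attrs.domain === "string") {
    const d = attrs.domain.replace(/^\./, "").toLowerCase();
    if (!domainMatches(from.hostname, d)) problems.push("Domain " + d + " rejected at set time");
    else if (!domainMatches(to.hostname, d)) problems.push("Domain " + d + " does not match request host");
  } else if (to.hostname !== from.hostname) {
    problems.push("host-only cookie, request goes to a different host");
  }
  const defPath = from.pathname.slice(0, from.pathname.lastIndexOf("/")) || "/";
  const cPath = typeof attrs.path === "string" && attrs.path.startsWith("/") ? attrs.path : defPath;
  if (!pathMatches(to.pathname, cPath)) problems.push("Path " + cPath + " does not match " + to.pathname);
  return problems;
}
const SAMPLE = "__Secure-Authorization-Bearer=CONSTRUCTED; Path=/nifi-api; Domain=nifi.example.com; Secure";
console.log(cookieProblems(SAMPLE, "https://nifi.example.com/nifi-api/login", "https://nifi.example.com/nifi-api/flow/current-user"));
```

An empty result means the cookie reaches `nifi-api/flow/current-user`; any listed reason corresponds to the missing Cookie request header and the resulting HTTP 401.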
