[jira] [Commented] (NIFI-12202) SAML Infinitely Redirects

Wed, 21 Feb 2024 05:43:04 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-12202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17819259#comment-17819259
 ] 

Alex Jackson commented on NIFI-12202:
-------------------------------------

[~exceptionfactory]  sorry again for being late on this - it was somehow 
related to the cookie (this helped us direct our attention to what was going 
on) but we had to remove the line single-user-provider from here:
{{nifi.security.user.login.identity.provider}}
strangely this always worked even though we have managed-authorizer set: 
{{nifi.security.user.authorizer=managed-authorizer}}

now we have another problem though - before we had to put the user and the 
group in nifi users in order for them to login. The user name would let them 
login but the groups were where we gave them their policy access etc.

It seems now though that unless we physically add the user to the member of the 
group it will not give them their policies - do I need to create a separate 
ticket for this or is this somehow expected behavior??
!image-2024-02-21-14-41-53-054.png!

We tested the fact that the username does now no longer need to be in NiFi 
users but the policies with the groups no longer work and only work when we add 
the user to be a member of said group. But the group is definitely coming 
through from the saml token/cookie

> SAML Infinitely Redirects
> -------------------------
>
>                 Key: NIFI-12202
>                 URL: https://issues.apache.org/jira/browse/NIFI-12202
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.24.0, 1.23.1, 1.23.2
>            Reporter: Alex Jackson
>            Priority: Major
>         Attachments: image-2024-02-21-14-41-53-054.png
>
>
> We have SAML configured and when I updated from 1.20.0 to 1.23.1 (at the 
> time) and just tried now 1.23.2 I see that SAML authentication takes place 
> but I am infinitely redirected and eventually land on a nifi-api address. I 
> havent got it deployed in this bad state anymore but I feel like there is an 
> issue with SAML and it would be great if someone could look into it



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to