[jira] [Commented] (NIFI-14061) Add support for file scheme in OIDC Discovery URL

Sun, 15 Dec 2024 06:08:05 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-14061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17905806#comment-17905806
 ] 

ASF subversion and git services commented on NIFI-14061:
--------------------------------------------------------

Commit 19bac1143807ba7ce440feb3eff7bad89c4c9a23 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=19bac11438 ]

NIFI-14061 Added support for file scheme in OIDC Discovery URL

Signed-off-by: Pierre Villard <[email protected]>

This closes #9580.


> Add support for file scheme in OIDC Discovery URL
> -------------------------------------------------
>
>                 Key: NIFI-14061
>                 URL: https://issues.apache.org/jira/browse/NIFI-14061
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Chris Sampson
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> NiFi allows for the use of OIDC for User authentication and authorisation.
> This is currently configured via the 
> {{nifi.security.user.oidc.discovery.url}} property (amongst others), which 
> relies on the OIDC IdP to present its endpoints via the standard 
> {{.well-known/oidc-configuration}} endpoint JSON document.
> In many cases, this is sufficient and works. However, in some network setups 
> it might be that one can and would prefer to use internal vs. external 
> connectivity for some of the OIDC endpoints (e.g. the token, userinfo, 
> JWKSet) whereas others need to remain external (e.g. Auth and Session End) 
> for the users to be directed to during login/logout.
> The OIDC IdP is (most likely) not able to be configured to communicate this 
> via the {{.well-known}} endpoint as most would likely expect the endpoints to 
> be accessed via the same domain by default.
> NiFi could allow users to override these endpoints individually, for example 
> the {{.well-known}} document could be the default way to obtain the necessary 
> OIDC configuration, but then individual endpoints could be overriden by 
> additional (optional) {{nifi.properties}} settings.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to