[jira] [Commented] (NIFI-7332) Improve communication to user when OIDC response does not contain usable claims

Tue, 07 Jul 2020 12:38:21 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-7332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17153051#comment-17153051
 ] 

ASF subversion and git services commented on NIFI-7332:
-------------------------------------------------------

Commit aa741cc5967f62c3c38c2a47e712b7faa6fe19ff in nifi's branch 
refs/heads/master from mtien
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=aa741cc ]

NIFI-7332 Added method to log available claim names from the ID provider 
response when the OIDC Identifying User claim is not found. Revised log message 
to print available claims.
Added new StandardOidcIdentityProviderGroovyTest file.
Updated deprecated methods in StandardOidcIdentityProvider. Changed log output 
to print all available claim names from JWTClaimsSet. Added unit test.
Added comments in getAvailableClaims() method.
Fixed typos in NiFi Docs Admin Guide.
Added license to Groovy test.
Fixed a checkstyle error.
Refactor exchangeAuthorizationCode method.
Added unit tests.
Verified all unit tests added so far are passing.
Refactored code. Added unit tests.
Refactored OIDC provider to decouple constructor & network-dependent 
initialization.
Added unit tests.
Added unit tests.
Refactored OIDC provider to separately authorize the client. Added unit tests.
Added unit tests.

NIFI-7332 Refactored exchangeAuthorizationCode method to separately retrieve 
the NiFi JWT.

Signed-off-by: Nathan Gough <[email protected]>

This closes #4344.


> Improve communication to user when OIDC response does not contain usable 
> claims
> -------------------------------------------------------------------------------
>
>                 Key: NIFI-7332
>                 URL: https://issues.apache.org/jira/browse/NIFI-7332
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: M Tien
>            Priority: Major
>              Labels: oidc, security
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> The messaging displayed to the user/admin does not clearly indicate the 
> problem if the OIDC response does not contain a claim that NiFi is configured 
> to use (i.e. NiFi expects an {{email}} claim but the user does not have an 
> email configured on the OIDC IdP). 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to