[jira] [Commented] (NIFI-7957) Nifi Content Repo Viewer not working with OIDC
[ https://issues.apache.org/jira/browse/NIFI-7957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17222893#comment-17222893 ] Bryan Bende commented on NIFI-7957: --- Please don't submit bugs against an area of the code you have patched. We will be wasting out time looking into issues we could never reproduce without your code. > Nifi Content Repo Viewer not working with OIDC > -- > > Key: NIFI-7957 > URL: https://issues.apache.org/jira/browse/NIFI-7957 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Affects Versions: 1.12.1 >Reporter: Jenil Shah >Priority: Major > Attachments: Screenshot from 2020-10-28 15-11-57.png, Screenshot from > 2020-10-28 15-15-05.png > > > I have enabled OIDC auth in nifi and given proper access permission to user > to view content of flow file.Now I try to see content of flow file from NIFI > UI but it is giving me error. > In ideal flow of nifi,nifi fetch the token using rest api and pass this token > as Authentication header in all subsequent request but when we try to view > content of flowfile it is opening new tab in which all those things are not > happening so Authorization header is not passed in request which is generated > from new tab. This causes auth problem. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7957) Nifi Content Repo Viewer not working with OIDC
[ https://issues.apache.org/jira/browse/NIFI-7957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17222709#comment-17222709 ] Jenil Shah commented on NIFI-7957: -- Okay got the problem. We are having oidc authentication flow. In which we got the groups from access token itself.But in Nifi we need to configure service to get groups from keycloak service(in which we need to configure admin credentials).To avoid it we have done some customization where we saved groups claim in NifiUser and created jwt token based on it.Now instead of fetching groups from other service we parse the group from token itself. But We haven't patched OTP service so we were not getting groups details and faced access denied error.We need advice on these approach how we should avoid fetching groups from other service where we can get it from access token itself. Thanks for prompt response and apologies for wrong bug. > Nifi Content Repo Viewer not working with OIDC > -- > > Key: NIFI-7957 > URL: https://issues.apache.org/jira/browse/NIFI-7957 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Affects Versions: 1.12.1 >Reporter: Jenil Shah >Priority: Major > Attachments: Screenshot from 2020-10-28 15-11-57.png, Screenshot from > 2020-10-28 15-15-05.png > > > I have enabled OIDC auth in nifi and given proper access permission to user > to view content of flow file.Now I try to see content of flow file from NIFI > UI but it is giving me error. > In ideal flow of nifi,nifi fetch the token using rest api and pass this token > as Authentication header in all subsequent request but when we try to view > content of flowfile it is opening new tab in which all those things are not > happening so Authorization header is not passed in request which is generated > from new tab. This causes auth problem. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7957) Nifi Content Repo Viewer not working with OIDC
[ https://issues.apache.org/jira/browse/NIFI-7957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17222703#comment-17222703 ] Jenil Shah commented on NIFI-7957: -- I changed authorizations.xml accordingly and somehow it got working. Apology for wrong bug report. You can discard this issue. > Nifi Content Repo Viewer not working with OIDC > -- > > Key: NIFI-7957 > URL: https://issues.apache.org/jira/browse/NIFI-7957 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Affects Versions: 1.12.1 >Reporter: Jenil Shah >Priority: Major > Attachments: Screenshot from 2020-10-28 15-11-57.png, Screenshot from > 2020-10-28 15-15-05.png > > > I have enabled OIDC auth in nifi and given proper access permission to user > to view content of flow file.Now I try to see content of flow file from NIFI > UI but it is giving me error. > In ideal flow of nifi,nifi fetch the token using rest api and pass this token > as Authentication header in all subsequent request but when we try to view > content of flowfile it is opening new tab in which all those things are not > happening so Authorization header is not passed in request which is generated > from new tab. This causes auth problem. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7957) Nifi Content Repo Viewer not working with OIDC
[ https://issues.apache.org/jira/browse/NIFI-7957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17222327#comment-17222327 ] Nathan Gough commented on NIFI-7957: So far I've been unable to reproduce this issue using Google Suite OIDC IDP. I thought initially it was a policy configuration issue for either the root process group/canvas or the user policies. If this is a test/non-production NiFi can you please provide your flow.xml.gz, users.xml and authorizations.xml files so I can take a look to figure out what's going wrong here. > Nifi Content Repo Viewer not working with OIDC > -- > > Key: NIFI-7957 > URL: https://issues.apache.org/jira/browse/NIFI-7957 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Affects Versions: 1.12.1 >Reporter: Jenil Shah >Priority: Major > Attachments: Screenshot from 2020-10-28 15-11-57.png, Screenshot from > 2020-10-28 15-15-05.png > > > I have enabled OIDC auth in nifi and given proper access permission to user > to view content of flow file.Now I try to see content of flow file from NIFI > UI but it is giving me error. > In ideal flow of nifi,nifi fetch the token using rest api and pass this token > as Authentication header in all subsequent request but when we try to view > content of flowfile it is opening new tab in which all those things are not > happening so Authorization header is not passed in request which is generated > from new tab. This causes auth problem. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7957) Nifi Content Repo Viewer not working with OIDC
[ https://issues.apache.org/jira/browse/NIFI-7957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1725#comment-1725 ] Nathan Gough commented on NIFI-7957: Are you able to download directly from the NiFi flow/canvas, rather than through provenance? > Nifi Content Repo Viewer not working with OIDC > -- > > Key: NIFI-7957 > URL: https://issues.apache.org/jira/browse/NIFI-7957 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Affects Versions: 1.12.1 >Reporter: Jenil Shah >Priority: Major > Attachments: Screenshot from 2020-10-28 15-11-57.png, Screenshot from > 2020-10-28 15-15-05.png > > > I have enabled OIDC auth in nifi and given proper access permission to user > to view content of flow file.Now I try to see content of flow file from NIFI > UI but it is giving me error. > In ideal flow of nifi,nifi fetch the token using rest api and pass this token > as Authentication header in all subsequent request but when we try to view > content of flowfile it is opening new tab in which all those things are not > happening so Authorization header is not passed in request which is generated > from new tab. This causes auth problem. -- This message was sent by Atlassian Jira (v8.3.4#803005)
