Hello,

Currently OIDC is only part of authentication, and the authenticated user identity is then passed to whatever authorizer is configured. If you wanted to authorize any authenticated user to do anything, then you could implement your own Authorizer that just returns approved for everything.

When adding SAML support, we did create a new way to pass the user's groups along from the identity provider into NiFi's Authorizer, so presumably if OIDC responses contain group info, then we could do the same thing. The groups would still need to be manually defined in NiFi so that policies can be created against them, but the membership wouldn't need to be defined in NiFi.

Thanks,

Bryan

On Mon, Aug 2, 2021 at 5:03 PM Jon Logan <[email protected]> wrote:

> Hi,
>
> I am trying to use OIDC for Authentication, but it seems to not support
> any form of Authorization -- is there any way to avoid having to manually
> list every user permitted after installation? ex. allow all authenticated
> users, or support groups from the OIDC provider?
>
> Thanks!
> --
> Sent from Gmail Mobile
