Hi -
Is it possible for NiFi to automatically grant user access to NiFi based on an
OIDC-authenticated user's group membership matching a group in NiFi?
I'm using the latest 1.19.1 with OIDC enabled and integrated with Keycloak.
In Keycloak I have created a test user and assigned them to group "Test Group".
In NiFi I have created a group called "Test Group" and granted it some policies.
I have enabled the "nifi.security.user.oidc.claim.groups" config option to
obtain the OIDC groups from Keycloak.
If I pre-create a user account in NiFi and add them to "Test Group", then they
can successfully log in via OIDC and get the required policies.
But what I want is to not have to pre-create the users.
Instead I would like NiFi to evaluate an authenticated user's OIDC group
membership, and if a group name in OIDC matches one in NiFi then it should
allow them access to NiFi using the policies assigned to the matching group in
NiFi.
Is this possible?
Appreciate your help!
Dave