Greetings,

All my attempts to get OpenID (Okta) working with NiFi Registry 1.23.2 have failed. Note that I have OpenID with Okta working on nodes with NiFi 1.15.3 and NiFi 1.23.2, so I know how to configure Okta and NiFi for this. It is only with the registry that I cannot get it working.

I have been working on this problem for two days. Obviously, I copied (with proper modifications) the configuration of my NiFi node to the NiFi Registry regarding OpenID. NiFi Registry stubbornly asks for the client to provide a TLS certificate, which I do not, and thus I get ERR_BAD_SSL_CLIENT_AUTH_CERT. In the log files (DEBUG mode enabled), I do not see any attempts to communicate with Okta.

First, is there a way to configure NiFi Registry to not even attempt TLS certificate authentication? Given I have all the .*oidc.* parameters configured in nifi-registry.properties, how can I force NiFi Registry to use OpenID?

As an example of what I have tried, I configured:

    $ cat identity-providers.xml
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <identityProviders/>

and in nifi-registry.properties:

    nifi.registry.security.identity.provider=openid

But then I get the following error:

    OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.

identity-providers.xml is empty and nowhere is Knox configured (grep -i knox returns nothing in conf/).

I tried many other things... but if you have the recipe, please kindly share your secret.

Best regards,
Hans Deragon
