Hi, did you manage to fix this? I have a similar case; instead of Keycloak, I was trying to integrate with Microsoft Entra ID.

On Mon, 21 Jul 2025 at 11:36, <[email protected]> wrote:

> Hello Dear NiFi users,
>
> Is there any up-to-date manual on how to integrate Apache NiFi with Keycloak?
> I have been struggling with this for a few days without a positive result.
>
> My nifi.properties configuration:
>
> nifi.security.user.authorizer=managed-authorizer
> nifi.security.allow.anonymous.authentication=false
> nifi.security.user.login.identity.provider=oidc-provider
> nifi.security.user.jws.key.rotation.period=PT1H
> nifi.security.ocsp.responder.url=
> nifi.security.ocsp.responder.certificate=
>
> # OpenId Connect SSO Properties #
> nifi.security.user.oidc.discovery.url=http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration
> nifi.security.user.oidc.connect.timeout=5 secs
> nifi.security.user.oidc.read.timeout=5 secs
> nifi.security.user.oidc.client.id=nifi-client
> nifi.security.user.oidc.client.secret=SomeKey
> nifi.security.user.oidc.preferred.jwsalgorithm=RS256
> nifi.security.user.oidc.claim.identifying.user=preferred_username
> nifi.security.user.oidc.fallback.claims.identifying.user=
> nifi.security.user.oidc.claim.groups=groups
> nifi.security.user.oidc.token.refresh.window=60 secs
>
> authorizers.xml:
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <authorizers>
>     <userGroupProvider>
>         <identifier>keycloak-user-group-provider</identifier>
>         <class>org.apache.nifi.authorization.KeycloakUserGroupProvider</class>
>         <property name="ServerUrl">http://localhost:8080/</property>
>         <property name="Realm">nifi-realm</property>
>         <property name="Username">admin</property>
>         <property name="Password">***</property>
>         <property name="ClientID">admin-cli</property>
>     </userGroupProvider>
>
>     <accessPolicyProvider>
>         <identifier>file-access-policy-provider</identifier>
>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>         <property name="User Group Provider">keycloak-user-group-provider</property>
>         <property name="Authorizations File">./conf/authorizations.xml</property>
>         <property name="Initial Admin Identity">admin</property>
>     </accessPolicyProvider>
>     <authorizer>
>         <identifier>managed-authorizer</identifier>
>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>         <property name="Access Policy Provider">file-access-policy-provider</property>
>     </authorizer>
> </authorizers>
>
> login-identity-providers.xml:
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <loginIdentityProviders>
>     <provider>
>         <identifier>oidc-provider</identifier>
>         <class>org.apache.nifi.authentication.single.oidc.OidcIdentityProvider</class>
>         <property name="Discovery URL">http://localhost:8080/realms/nifi-realm/.well-known/openid-configuration</property>
>         <property name="Client ID">nifi-client</property>
>         <property name="Client Secret">SomeKey</property>
>         <property name="Connect Timeout">5 secs</property>
>         <property name="Read Timeout">5 secs</property>
>         <property name="Preferred JWS Algorithm">RS256</property>
>         <property name="Claim Identifying User">preferred_username</property>
>     </provider>
> </loginIdentityProviders>
>
> What am I doing wrong?
>
> Regards

--
Yours Sincerely
Ben.T.George
*" Live like you will die tomorrow, learn like you will live forever "*
