nifi-dev mailing list archives

From Vijay Jammi <vjammi.apa...@gmail.com>
Subject Re: Extending StandardOidcIdentityProvider
Date Tue, 26 Jan 2021 02:38:03 GMT
Thank you, Bryan.

It seems like using assertions to authenticate a client with the token
endpoint is more common within enterprises. Here is a link to the RFC
<https://tools.ietf.org/html/rfc7521#page-9> and sample code
<https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/client-assertion>
from Microsoft.

Vijay Jammi


On Tue, Jan 19, 2021 at 9:44 AM Bryan Bende <bbende@gmail.com> wrote:

> Hello,
>
> 1) I don't think NiFi currently supports the client id + x509
> scenario, is this part of the OIDC standard? If so then maybe it can
> be an improvement that is implemented.
>
> 2) The OIDC code in NiFi is not part of an extension point, so you
> can't just plug in your own version. You would have to modify the code
> in NiFi and rebuild the nifi-framework-nar with your changes.
>
> -Bryan
>
> On Fri, Jan 15, 2021 at 1:25 PM Vijay Jammi <vjammi.apache@gmail.com>
> wrote:
> >
> > Hello there,
> >
> > I am trying to enable OIDC [OpenIDConnect/OAuth2.0] for our on prem Nifi
> > with our on prem Identity Provider [Microsoft ADFS].
> >
> > Now, it looks like Nifi's authorization code flow requires a client id [
> > nifi.security.user.oidc.client.id] and client secret
> > [nifi.security.user.oidc.client.secret] to be able to exchange
> > Authorization Code for an Access and Id Token. However, our Authorization
> > Server only supports client id and x509 client certificate based
> > authentication [Client Assertion] for the exchange. So my question here is
> >
> >  1. Is there a way to configure Nifi for client id and x509 client
> > certificate for the exchange?
> >  2. If not, how can we extend Nifi for our need?
> >
> > I am new to Nifi so please excuse me if this is trivial within the Nifi
> > development. I see a StandardOidcIdentityProvider under nifi-web-security.
> > Can I override the default functionality by making a custom bundle to
> > override or will I need to rebuild the bundle associated to
> > nifi-web-security and drop it into the Nifi lib?  Any guidance will be much
> > appreciated.
> >
> > Thank you in advance.
> >
> > Vijay Jammi
>
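
The client-assertion exchange discussed in this thread, as an added example that is not part of the original messages and is not NiFi code: a token request in which a JWT signed with the client's private key (RFC 7521 section 4.2, RFC 7523) takes the place of `client_secret`. The class name, client id, endpoint, redirect URI and authorization code are placeholders, and the key pair is generated on the spot instead of being loaded from a registered x509 certificate.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

public class ClientAssertionExample {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Builds the RS256-signed JWT sent as client_assertion (claims per RFC 7523 section 3).
    // Values are spliced into JSON unescaped, which is only safe for the constructed inputs below.
    static String buildAssertion(String clientId, String tokenEndpoint, PrivateKey key)
            throws GeneralSecurityException {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String claims = String.format(
            "{\"iss\":\"%s\",\"sub\":\"%s\",\"aud\":\"%s\",\"jti\":\"%s\",\"iat\":%d,\"exp\":%d}",
            clientId, clientId, tokenEndpoint, UUID.randomUUID(), now, now + 300);
        String signingInput = b64(header) + "." + b64(claims);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64.encodeToString(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair; a real client signs with the key of its registered certificate.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String endpoint = "https://idp.example.com/oauth2/token";  // placeholder
        String jwt = buildAssertion("nifi-client", endpoint, pair.getPrivate());

        // Token request body: the assertion pair takes the place of client_secret.
        String body = "grant_type=authorization_code&code=SAMPLE_CODE"
            + "&redirect_uri=" + URLEncoder.encode("https://nifi.example.com/callback", "UTF-8")
            + "&client_id=nifi-client"
            + "&client_assertion_type="
            + URLEncoder.encode("urn:ietf:params:oauth:client-assertion-type:jwt-bearer", "UTF-8")
            + "&client_assertion=" + jwt;
        System.out.println(body);
    }
}
```

An authorization server may additionally require a JWS header that identifies the signing certificate, such as `x5t`; that header is omitted here.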
