nifi-dev mailing list archives

From Bryan Bende <bbe...@gmail.com>
Subject Re: Extending StandardOidcIdentityProvider
Date Tue, 19 Jan 2021 14:44:02 GMT
Hello,

1) I don't think NiFi currently supports the client id + x509
scenario, is this part of the OIDC standard? If so then maybe it can
be an improvement that is implemented.

2) The OIDC code in NiFi is not part of an extension point, so you
can't just plug in your own version. You would have to modify the code
in NiFi and rebuild the nifi-framework-nar with your changes.

-Bryan

On Fri, Jan 15, 2021 at 1:25 PM Vijay Jammi <vjammi.apache@gmail.com> wrote:
>
> Hello there,
>
> I am trying to enable OIDC [OpenIDConnect/OAuth2.0] for our on prem Nifi
> with our on prem Identity Provider [Microsoft ADFS].
>
> Now, it looks like Nifi's authorization code flow requires a client id [
> nifi.security.user.oidc.client.id] and client secret
> [nifi.security.user.oidc.client.secret] to be able to exchange
> Authorization Code for an Access and Id Token. However, our Authorization
> Server only supports client id and x509 client certificate based
> authentication [Client Assertion] for the exchange. So my question here is
>
>  1. Is there a way to configure Nifi for client id and x509 client
> certificate for the exchange?
>  2. If not, how can we extend Nifi for our need?
>
> I am new to Nifi so please excuse me if this is trivial within the Nifi
> development. I see a StandardOidcIdentityProvider under nifi-web-security.
> Can I override the default functionality by making a custom bundle to
> override or will I need to rebuild the bundle associated to
> nifi-web-security and drop it into the Nifi lib?  Any guidance will be much
> appreciated.
>
> Thank you in advance.
>
> Vijay Jammi
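
The client id + certificate exchange asked about above corresponds to the `private_key_jwt` client authentication method (OpenID Connect Core, section 9; RFC 7523), where the token request carries a signed JWT instead of `client_secret`. The following Node.js code is an added example, not NiFi code and not from either poster; the client id, endpoint URL, key id and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Client side: build the signed JWT that replaces client_secret.
// The private key is the one belonging to the client's x509 certificate.
function buildClientAssertion({ clientId, tokenEndpoint, privateKey, kid, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const claims = {
    iss: clientId,            // issuer and subject are both the client id
    sub: clientId,
    aud: tokenEndpoint,       // binds the assertion to one token endpoint
    jti: crypto.randomUUID(), // unique id so the server can reject replays
    iat,
    exp: iat + 300,           // short lifetime limits the value of a leaked assertion
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Form body for the authorization code exchange; note there is no client_secret.
function buildTokenRequest({ code, redirectUri, clientId, assertion }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
    client_id: clientId,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// Server side: the algorithm is pinned here rather than read from the JWT header,
// then issuer, subject, audience and expiry are checked.
function verifyClientAssertion(assertion, publicKey, { clientId, tokenEndpoint, now = Date.now() }) {
  const [h, c, s] = String(assertion).split('.');
  if (!h || !c || !s) return false;
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) return false;
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  return claims.iss === clientId && claims.sub === clientId &&
         claims.aud === tokenEndpoint && claims.exp > now / 1000;
}

// Constructed sample values: a throwaway key pair and placeholder identifiers.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = { clientId: 'nifi-client', tokenEndpoint: 'https://idp.example.test/oauth2/token' };
```

A production verifier would also track `jti` values until `exp` to reject replayed assertions.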
