This repository has been archived by the owner on Feb 12, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 228
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add auth.oidc.preferredJwsalgorithm param (#306)
* Update nifi.properties - Add values - nifi.security.user.oidc.preferred.jwsalgorithm={{.Values.auth.oidc.preferredJwsalgorithm}}
* Update values.yaml - Add auth.oidc.preferredJwsalgorithm value
* Update README.md - Add info about nifi.security.user.oidc.preferred.jwsalgorithm- Loading branch information
1 parent
f296a8e
commit 09dac85
Showing
3 changed files
with
3 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -156,6 +156,7 @@ The following table lists the configurable parameters of the nifi chart and the | |
| | `auth.oidc.clientId` | oidc clientId | `nil` | | ||
| | `auth.oidc.clientSecret` | oidc clientSecret | `nil` | | ||
| | `auth.oidc.claimIdentifyingUser` | oidc claimIdentifyingUser | `email` | | ||
| | `auth.oidc.preferredJwsAlgorithm` | The preferred algorithm for validating identity tokens. If this value is blank, it will default to RS256 which is required to be supported by the OpenID Connect Provider according to the specification. If this value is HS256, HS384, or HS512, NiFi will attempt to validate HMAC protected tokens using the specified client secret. If this value is none, NiFi will attempt to validate unsecured/plain tokens. | `nil` | | ||
| | `auth.oidc.admin` | Default OIDC admin identity | `[email protected]` | | ||
| | Note that OIDC authentication to a multi-NiFi-node cluster requires Ingress sticky sessions | See [background](https://community.cloudera.com/t5/Support-Questions/OIDC-With-Azure-AD/m-p/232324#M194163) | Also [how](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) | | ||
| | **postStart** | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -149,6 +149,7 @@ auth: | |
| clientSecret: #<client_secret_in_oidc_provider> | ||
| claimIdentifyingUser: email | ||
| admin: [email protected] | ||
| preferredJwsAlgorithm: | ||
| ## Request additional scopes, for example profile | ||
| additionalScopes: | ||
|
|
||
|
|
||