Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Add auth.oidc.preferredJwsalgorithm param #306

Merged
merged 6 commits into from
Aug 8, 2023
Merged

Add auth.oidc.preferredJwsalgorithm param #306

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4604bc9
Update nifi.properties - Add values - nifi.security.user.oidc.preferr…
happy-code-com Jun 12, 2023
edb3958
Update values.yaml - Add auth.oidc.preferredJwsalgorithm value
happy-code-com Jun 12, 2023
911de22
Update README.md - Add info about nifi.security.user.oidc.preferred.j…
happy-code-com Jun 12, 2023
343fe1e
Update nifi.properties - preferredJwsalgorithm -> preferredJwsAlgorithm
happy-code-com Jun 14, 2023
1aff4a8
Update values.yaml - Changed preferredJwsalgorithm -> preferredJwsAlg…
happy-code-com Jun 14, 2023
4a8fe67
Update README.md - preferredJwsalgorithm -> preferredJwsAlgorithm
happy-code-com Jun 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,7 @@ The following table lists the configurable parameters of the nifi chart and the
| `auth.oidc.clientId` | oidc clientId | `nil` |
| `auth.oidc.clientSecret` | oidc clientSecret | `nil` |
| `auth.oidc.claimIdentifyingUser` | oidc claimIdentifyingUser | `email` |
| `auth.oidc.preferredJwsAlgorithm` | The preferred algorithm for validating identity tokens. If this value is blank, it will default to RS256 which is required to be supported by the OpenID Connect Provider according to the specification. If this value is HS256, HS384, or HS512, NiFi will attempt to validate HMAC protected tokens using the specified client secret. If this value is none, NiFi will attempt to validate unsecured/plain tokens. | `nil` |
| `auth.oidc.admin` | Default OIDC admin identity | `[email protected]` |
| Note that OIDC authentication to a multi-NiFi-node cluster requires Ingress sticky sessions | See [background](https://community.cloudera.com/t5/Support-Questions/OIDC-With-Azure-AD/m-p/232324#M194163) | Also [how](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
| **postStart** |
Expand Down
2 changes: 1 addition & 1 deletion configs/nifi.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ nifi.security.user.oidc.connect.timeout=5 secs
nifi.security.user.oidc.read.timeout=5 secs
nifi.security.user.oidc.client.id={{.Values.auth.oidc.clientId}}
nifi.security.user.oidc.client.secret={{.Values.auth.oidc.clientSecret}}
nifi.security.user.oidc.preferred.jwsalgorithm=
nifi.security.user.oidc.preferred.jwsalgorithm={{.Values.auth.oidc.preferredJwsAlgorithm}}
nifi.security.user.oidc.claim.identifying.user={{.Values.auth.oidc.claimIdentifyingUser}}
nifi.security.user.oidc.additional.scopes={{.Values.auth.oidc.additionalScopes}}
{{end}}
Expand Down
1 change: 1 addition & 0 deletions values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,7 @@ auth:
clientSecret: #<client_secret_in_oidc_provider>
claimIdentifyingUser: email
admin: [email protected]
preferredJwsAlgorithm:
## Request additional scopes, for example profile
additionalScopes:

Expand Down
Loading