This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Add auth.oidc.preferredJwsalgorithm param #306

Merged
merged 6 commits into from
Aug 8, 2023
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -155,6 +155,7 @@ The following table lists the configurable parameters of the nifi chart and the
| `auth.oidc.clientId` | oidc clientId | `nil` |
| `auth.oidc.clientSecret` | oidc clientSecret | `nil` |
| `auth.oidc.claimIdentifyingUser` | oidc claimIdentifyingUser | `email` |
| `auth.oidc.preferredJwsalgorithm` | The preferred algorithm for validating identity tokens. If this value is blank, it will default to RS256 which is required to be supported by the OpenID Connect Provider according to the specification. If this value is HS256, HS384, or HS512, NiFi will attempt to validate HMAC protected tokens using the specified client secret. If this value is none, NiFi will attempt to validate unsecured/plain tokens. | `nil` |
| `auth.oidc.admin` | Default OIDC admin identity | `[email protected]` |
| Note that OIDC authentication to a multi-NiFi-node cluster requires Ingress sticky sessions | See [background](https://community.cloudera.com/t5/Support-Questions/OIDC-With-Azure-AD/m-p/232324#M194163) | Also [how](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
| **postStart** |
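Review bot: in the new `auth.oidc.preferredJwsalgorithm` row, `none` and HS256/HS384/HS512 are presented as ordinary choices with no guidance, although by the row's own wording `none` makes NiFi accept unsecured/plain identity tokens and the HS* values validate tokens with the client secret. Suggest adding a sentence that the value should stay blank (RS256) unless the OpenID Connect Provider requires something else, and that `none` leaves identity tokens without any signature check. As a style point, the key is spelled `preferredJwsalgorithm` while its neighbours capitalise each word (`claimIdentifyingUser`, `clientSecret`); `preferredJwsAlgorithm` would match them.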
2 changes: 1 addition & 1 deletion configs/nifi.properties
Expand Up @@ -197,7 +197,7 @@ nifi.security.user.oidc.connect.timeout=5 secs
nifi.security.user.oidc.read.timeout=5 secs
nifi.security.user.oidc.client.id={{.Values.auth.oidc.clientId}}
nifi.security.user.oidc.client.secret={{.Values.auth.oidc.clientSecret}}
nifi.security.user.oidc.preferred.jwsalgorithm=
nifi.security.user.oidc.preferred.jwsalgorithm={{.Values.auth.oidc.preferredJwsalgorithm}}
nifi.security.user.oidc.claim.identifying.user={{.Values.auth.oidc.claimIdentifyingUser}}
nifi.security.user.oidc.additional.scopes={{.Values.auth.oidc.additionalScopes}}
{{end}}
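Review bot: on the changed `nifi.security.user.oidc.preferred.jwsalgorithm=` line, `{{.Values.auth.oidc.preferredJwsalgorithm}}` is written into nifi.properties unchecked, so a misspelled algorithm name or an unintended `none` goes through chart rendering without any error. Suggest validating the value in the template against the supported algorithm names, or at minimum requiring a separate explicit opt-in before `none` is rendered, since that value turns off signature validation of identity tokens according to the README row added in this PR.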
1 change: 1 addition & 0 deletions values.yaml
Expand Up @@ -149,6 +149,7 @@ auth:
clientSecret: #<client_secret_in_oidc_provider>
claimIdentifyingUser: email
admin: [email protected]
preferredJwsalgorithm:
## Request additional scopes, for example profile
additionalScopes:
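Review bot: the added `preferredJwsalgorithm:` key has no comment, unlike the keys around it (`clientSecret: #<client_secret_in_oidc_provider>`, `## Request additional scopes, for example profile`). Suggest a comment line above it stating that an empty value means RS256 and naming the accepted values, so someone editing values.yaml sees what `none` and the HS* settings do without opening the README. The key also sits after `admin` here but before `auth.oidc.admin` in the README table; keeping the same order in both makes the two easier to compare.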
