nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex D Resnick (Jira)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-7333) OIDC provider should use NiFi keystore & truststore
Date Sun, 12 Apr 2020 02:55:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17081622#comment-17081622
] 

Alex D Resnick commented on NIFI-7333:
--------------------------------------

I am currently having this issue as well!

> OIDC provider should use NiFi keystore & truststore
> ---------------------------------------------------
>
>                 Key: NIFI-7333
>                 URL: https://issues.apache.org/jira/browse/NIFI-7333
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Priority: Major
>              Labels: keystore, oidc, security, tls
>
> The OIDC provider uses generic HTTPS requests to the OIDC IdP, but does not configure
these requests to use the NiFi keystore or truststore. Rather, it uses the default JVM keystore
and truststore, which leads to difficulty debugging PKIX and other TLS negotiation errors.
It should be switched to use the NiFi keystore and truststore as other NiFi framework services
do. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message