nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "W Chang (Jira)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-7584) LOG OUT button does not work when OpenID Connect is used for authentication
Date Mon, 29 Jun 2020 16:18:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-7584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17147917#comment-17147917
] 

W Chang commented on NIFI-7584:
-------------------------------

Great!  Glad to hear that the issue is currently being investigated.

I expect that when a user logs out, a NiFi page that informs the logout status or the OIDC
SignIn page is displayed.  Thank you.

> LOG OUT button does not work when OpenID Connect is used for authentication
> ---------------------------------------------------------------------------
>
>                 Key: NIFI-7584
>                 URL: https://issues.apache.org/jira/browse/NIFI-7584
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.11.4
>         Environment: CentOS Linux 7
>            Reporter: W Chang
>            Priority: Critical
>              Labels: UI, bug, logout, oidc
>
> When nifi-1.11.4 is integrated with Okta OpenID Connect for authentication, 'LOG OUT'
button on the front page does not work.  It does not log a user out properly without redirecting
to the Logout Redirect URL.  
> When the button is clicked, the following message is displayed on the browser
> {code:java}
> {"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' parameter.","errorLink":"invalid_client","errorId":"oae_YfJRUHCQe-BqYnPw6opFg","errorCauses":[]}{code}
> The button makes a GET request to the following address.
> [https://\{hostname}.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2F\{nifi
server dns name}%3A\{port number}%2Fnifi-api%2F..%2Fnifi|https://dev-309877.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fplanet-dl-dev-1.mitre.org%3A9443%2Fnifi-api%2F..%2Fnifi]
> According to Okta document [https://developer.okta.com/blog/2020/03/27/spring-oidc-logout-options,] the
logout endpoint format should be as shown below:
> {{[https://dev-123456.okta.com/oauth2/default/v1/logout?id_token_hint=]<id-token>&post_logout_redirect_uri=[http://localhost:8080/]}}
>  
> {{And it seems that post_logout_redirect_uri should be  "https://\{nifi server dns name}:\{port
number}/nifi-api/access/oidc/logout"}}
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message