[NIFI-7333] OIDC provider should use NiFi keystore & truststore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.11.4
Fix Version/s: 1.16.0
Component/s: Core Framework, Security
Labels:
- keystore
- oidc
- security
- tls

Epic Link:
Improve OIDC Identity Provider

Description

The OIDC provider uses generic HTTPS requests to the OIDC IdP, but does not configure these requests to use the NiFi keystore or truststore. Rather, it uses the default JVM keystore and truststore, which leads to difficulty debugging PKIX and other TLS negotiation errors. It should be switched to use the NiFi keystore and truststore as other NiFi framework services do.

Attachments

Issue Links

links to

GitHub Pull Request #5753

Activity

People

Assignee:: Nathan Gough

Reporter:: Andy LoPresto

Votes:: 4 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 07/Apr/20 18:24

Updated:: 18/Feb/22 20:23

Resolved:: 18/Feb/22 20:23

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5h