This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/support/nifi-1.x by this push:
     new 7256211cdb NIFI-12172 Added OpenID Connect example to Registry Docker README
7256211cdb is described below

commit 7256211cdba228270b3440e33f35cf7ad41a03c8
Author: Marcelo Vinícius de Sousa Campos <mr....@hotmail.com>
AuthorDate: Wed Oct 4 17:51:03 2023 -0300

    NIFI-12172 Added OpenID Connect example to Registry Docker README
    
    This closes #7839
    
    Co-authored-by: David Handermann <exceptionfact...@apache.org>
    Signed-off-by: David Handermann <exceptionfact...@apache.org>
    (cherry picked from commit 90ff8748273ea1dfde2a97281e4d3960d1595727)
---
 .../nifi-registry-docker/dockerhub/README.md       | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git 
a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md 
b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md
index 57882424f7..a2b28e6978 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md
+++ b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md
@@ -124,6 +124,34 @@ The following, optional environment variables may be added 
to the above command
     -e LDAP_TLS_TRUSTSTORE_PASSWORD: ''
     -e LDAP_TLS_TRUSTSTORE_TYPE: ''
 
+### Secured with OpenID Connect Authentication
+In this configuration, the user will need to provide certificates and 
associated configuration information. 
+Of particular note, is the `AUTH` environment variable which is set to `oidc`. 
Additionally, the user must provide a
+in the `INITIAL_ADMIN_IDENTITY` environment variable. This value will be used 
to seed the instance with an initial 
+user with administrative privileges.
+
+    docker run --name nifi-registry \
+      -v $(pwd)/certs/localhost:/opt/certs \
+      -p 18443:18443 \
+      -e AUTH=oidc \
+      -e KEYSTORE_PATH=/opt/certs/keystore.p12 \
+      -e KEYSTORE_TYPE=PKCS12 \
+      -e KEYSTORE_PASSWORD=PLACEHOLDER \
+      -e TRUSTSTORE_PATH=/opt/certs/truststore.p12 \
+      -e TRUSTSTORE_PASSWORD=PLACEHOLDER \
+      -e TRUSTSTORE_TYPE=PKCS12 \
+      -e INITIAL_ADMIN_IDENTITY=PLACHOLDER_USER \
+      -e 
NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL=http://OIDC_SERVER/.well-known/openid-configuration
 \
+      -e NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT=10000 \
+      -e NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT=10000 \
+      -e NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID=CLIENT_ID \
+      -e NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET=CLIENT_SECRET \
+      -e NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM=RS256 \
+      -e NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES=profile \
+      -e 
NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username \
+      -d \
+      apache/nifi-registry:latest
+
 ### Additional Configuration Options
 
 #### Database Configuration
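
Review bot: The discovery URL in the new `docker run` example is `http://OIDC_SERVER/.well-known/openid-configuration`, so a section titled "Secured with OpenID Connect Authentication" shows provider metadata (including the endpoints and key location the Registry will trust) being fetched over plaintext; suggest using `https://` in the placeholder so a copied command defaults to a TLS-protected discovery endpoint. In the added paragraph, "the user must provide a" is missing its noun before "in the `INITIAL_ADMIN_IDENTITY` environment variable"; say what must be provided, and, since `NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username` is set, that the value has to match that claim for the admin user. The placeholder `PLACHOLDER_USER` is misspelled (`PLACEHOLDER_USER`). Passing `KEYSTORE_PASSWORD`, `TRUSTSTORE_PASSWORD` and `NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET` with `-e` leaves them in shell history and in `docker inspect` output; a sentence pointing that out, or an `--env-file` variant, would help readers who adapt this example beyond local testing.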
