This is an automated email from the ASF dual-hosted git repository. exceptionfactory pushed a commit to branch support/nifi-1.x in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.x by this push: new 7256211cdb NIFI-12172 Added OpenID Connect example to Registry Docker README 7256211cdb is described below commit 7256211cdba228270b3440e33f35cf7ad41a03c8 Author: Marcelo Vinícius de Sousa Campos <mr....@hotmail.com> AuthorDate: Wed Oct 4 17:51:03 2023 -0300 NIFI-12172 Added OpenID Connect example to Registry Docker README This closes #7839 Co-authored-by: David Handermann <exceptionfact...@apache.org> Signed-off-by: David Handermann <exceptionfact...@apache.org> (cherry picked from commit 90ff8748273ea1dfde2a97281e4d3960d1595727) --- .../nifi-registry-docker/dockerhub/README.md | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md index 57882424f7..a2b28e6978 100644 --- a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md +++ b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/README.md 
@@ -124,6 +124,34 @@ The following, optional environment variables may be added to the above command -e LDAP_TLS_TRUSTSTORE_PASSWORD: '' -e LDAP_TLS_TRUSTSTORE_TYPE: '' +### Secured with OpenID Connect Authentication +In this configuration, the user will need to provide certificates and associated configuration information. +Of particular note, is the `AUTH` environment variable which is set to `oidc`. Additionally, the user must provide a +in the `INITIAL_ADMIN_IDENTITY` environment variable. This value will be used to seed the instance with an initial +user with administrative privileges. + + docker run --name nifi-registry \ + -v $(pwd)/certs/localhost:/opt/certs \ + -p 18443:18443 \ + -e AUTH=oidc \ + -e KEYSTORE_PATH=/opt/certs/keystore.p12 \ + -e KEYSTORE_TYPE=PKCS12 \ + -e KEYSTORE_PASSWORD=PLACEHOLDER \ + -e TRUSTSTORE_PATH=/opt/certs/truststore.p12 \ + -e TRUSTSTORE_PASSWORD=PLACEHOLDER \ + -e TRUSTSTORE_TYPE=PKCS12 \ + -e INITIAL_ADMIN_IDENTITY=PLACHOLDER_USER \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL=http://OIDC_SERVER/.well-known/openid-configuration \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT=10000 \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT=10000 \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID=CLIENT_ID \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET=CLIENT_SECRET \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM=RS256 \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES=profile \ + -e NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username \ + -d \ + apache/nifi-registry:latest + ### Additional Configuration Options #### Database Configuration
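Review bot: The discovery URL in the new `docker run` example uses plain `http://` (`NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL=http://OIDC_SERVER/.well-known/openid-configuration`) under a heading that says "Secured"; the discovery document supplies the authorization, token and JWKS endpoints the Registry will trust, so the example should show `https://OIDC_SERVER/.well-known/openid-configuration`. In the paragraph above the command, the sentence "Additionally, the user must provide a in the `INITIAL_ADMIN_IDENTITY` environment variable" is missing its noun; say what the value is, presumably the user's value for the claim named in `NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER` (`preferred_username` here). `INITIAL_ADMIN_IDENTITY=PLACHOLDER_USER` is misspelled; `PLACEHOLDER_USER` would match the `PLACEHOLDER` used for the store passwords. Passing `KEYSTORE_PASSWORD`, `TRUSTSTORE_PASSWORD` and `NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET` with `-e` leaves them in shell history and in `docker inspect` output, so a one-line pointer to `--env-file` would be worth adding. Minor: "Of particular note, is" does not need the comma.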