-1 (binding) based on David's findings. On Fri, Jan 29, 2021 at 5:36 PM David Handermann <exceptionfact...@gmail.com> wrote:
> -1 non-binding. > > Verified release with successful build on Azul Zulu JDK 11.0.10 on Ubuntu > 20.0.10. > Verified sample flow with InvokeHTTP and ListenHTTP processors using > multiple keystore types and TLS configuration options. > > Unfortunately found bcprov-ext-jdk15on-1.60.jar together with > bcprov-jdk15on-1.68.jar in nifi-framework-nar. The > bcprov-ext-jdk15on-1.60.jar library is apparently a transitive dependency > of spring-security-saml2-core through a library named > com.narupley:not-going-to-be-commons-ssl. The Bouncy Castle libraries > should be version 1.68 throughout the NiFi framework. The > bcprov-ext-jdk15on library contains the same classes as bcprov-jdk15on plus > a handful of additional classes for infrequently used algorithms. The > presence of both versions did not appear to cause problems during initial > tests, but it could cause unexpected behavior at runtime depending on which > version gets loaded. If the Spring Security SAML2 library requires the > algorithms present in bcprov-ext-jdk15on, it will probably be necessary to > change dependencies in NiFi to replace references to bcprov-jdk15on with > bcprov-ext-jdk15on to ensure a consistent version and avoid duplication. > > Regards, > David Handermann > > On Fri, Jan 29, 2021 at 5:33 PM M Tien <mtien.apa...@gmail.com> wrote: > > > +1 non-binding. > > > > Went through the release guide > > Verified a full build on JDK 1.8.0_275 and JDK 11.0.5 > > Verified a secure instance of NiFi > > Verified I was able to authenticate with OIDC using Google, Okta, and > > Azure and I can successfully log out and invalidate the JWT. > > > > - Margot >