[ https://issues.apache.org/jira/browse/NIFI-7924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joey Frazee resolved NIFI-7924.
-------------------------------
    Resolution: Fixed

> Fallback claim(s) support in OIDC based authentication
> ------------------------------------------------------
>
>                 Key: NIFI-7924
>                 URL: https://issues.apache.org/jira/browse/NIFI-7924
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.12.1
>            Reporter: Seokwon Yang
>            Assignee: Seokwon Yang
>            Priority: Minor
>             Fix For: 1.13.0
>
>          Time Spent: 3h 40m
>  Remaining Estimate: 0h
>
> Currently, the 'nifi.security.user.oidc.claim.identifying.user' NiFi
> configuration sets only one claim to bind the ID token to a username. There are
> corner cases where a fallback claim should be searched in case the configured claim
> is not found in the ID token.
> For example, not all user directory objects have an email address in Azure
> Activity Directory
> ([https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#email]).
> We need fallback claim support so that when there is no email address
> claim available for a user, the OIDC identity provider should pick up
> fallback claim(s) for the user name. For other users with emails, it should
> continue to use the configured claim to set the user name.
>
> I will introduce 'nifi.security.user.oidc.fallback.claims.identifying.user'
> in NiFi properties and implement the fallback logic.
>

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
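
The fallback lookup described in the issue, as an added example that is not NiFi's own code: the configured claim is tried first, then each fallback claim in order, and the login is rejected when none yields a usable value. The function names, the comma-separated format of the fallback property, and the sample claim names (upn, preferred_username) are assumptions.

```python
PRIMARY_KEY = "nifi.security.user.oidc.claim.identifying.user"
FALLBACK_KEY = "nifi.security.user.oidc.fallback.claims.identifying.user"

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def claim_order(props):
    """Configured claim first, then fallbacks in listed order, de-duplicated."""
    names = [props.get(PRIMARY_KEY, "")]
    # Assumption: the fallback property holds a comma-separated list.
    names += props.get(FALLBACK_KEY, "").split(",")
    ordered = []
    for name in (n.strip() for n in names):
        if name and name not in ordered:
            ordered.append(name)
    return ordered

def resolve_identity(id_token_claims, props):
    """Return (claim_name, identity) from the first usable claim; fail closed."""
    for name in claim_order(props):
        value = id_token_claims.get(name)
        # Only a non-blank string is usable: a missing claim, null, "",
        # a list or a number must not be turned into a user name.
        if isinstance(value, str) and value.strip():
            return name, value.strip()
    raise ValueError("no identifying claim in ID token; rejecting login")

# Constructed sample configuration and decoded ID token claims.
SAMPLE_PROPS = parse_properties("""
nifi.security.user.oidc.claim.identifying.user=email
nifi.security.user.oidc.fallback.claims.identifying.user=upn, preferred_username
""")
WITH_EMAIL = {"sub": "a1", "email": "alice@example.com", "upn": "alice@corp.example"}
NO_EMAIL = {"sub": "b2", "email": "", "upn": "bob@corp.example"}
NO_USABLE = {"sub": "c3", "email": None, "upn": ["x"]}

if __name__ == "__main__":
    for claims in (WITH_EMAIL, NO_EMAIL):
        print(resolve_identity(claims, SAMPLE_PROPS))
```

Returning the claim name alongside the identity lets the caller record which claim bound the user, which helps when reviewing authorization policies written against one identifier format.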