[
https://issues.apache.org/jira/browse/NIFI-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17494813#comment-17494813
]
ASF subversion and git services commented on NIFI-7333:
-------------------------------------------------------
Commit 7ef2fd2986461b632e398b7ddff47db153c3c0e5 in nifi's branch
refs/heads/main from Nathan Gough
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=7ef2fd2 ]
NIFI-7333 Added OIDC trust store strategy property
This closes #5753
Signed-off-by: David Handermann <exceptionfact...@apache.org>
> OIDC provider should use NiFi keystore & truststore
> ---------------------------------------------------
>
> Key: NIFI-7333
> URL: https://issues.apache.org/jira/browse/NIFI-7333
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Security
> Affects Versions: 1.11.4
> Reporter: Andy LoPresto
> Assignee: Nathan Gough
> Priority: Major
> Labels: keystore, oidc, security, tls
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The OIDC provider uses generic HTTPS requests to the OIDC IdP, but does not
> configure these requests to use the NiFi keystore or truststore. Rather, it
> uses the default JVM keystore and truststore, which leads to difficulty
> debugging PKIX and other TLS negotiation errors. It should be switched to use
> the NiFi keystore and truststore as other NiFi framework services do.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
