[ https://issues.apache.org/jira/browse/NIFI-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17494813#comment-17494813 ]
ASF subversion and git services commented on NIFI-7333: ------------------------------------------------------- Commit 7ef2fd2986461b632e398b7ddff47db153c3c0e5 in nifi's branch refs/heads/main from Nathan Gough [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=7ef2fd2 ] NIFI-7333 Added OIDC trust store strategy property This closes #5753 Signed-off-by: David Handermann <exceptionfact...@apache.org> > OIDC provider should use NiFi keystore & truststore > --------------------------------------------------- > > Key: NIFI-7333 > URL: https://issues.apache.org/jira/browse/NIFI-7333 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Security > Affects Versions: 1.11.4 > Reporter: Andy LoPresto > Assignee: Nathan Gough > Priority: Major > Labels: keystore, oidc, security, tls > Time Spent: 20m > Remaining Estimate: 0h > > The OIDC provider uses generic HTTPS requests to the OIDC IdP, but does not > configure these requests to use the NiFi keystore or truststore. Rather, it > uses the default JVM keystore and truststore, which leads to difficulty > debugging PKIX and other TLS negotiation errors. It should be switched to use > the NiFi keystore and truststore as other NiFi framework services do. -- This message was sent by Atlassian Jira (v8.20.1#820001)