[ https://issues.apache.org/jira/browse/NIFI-11438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Grey updated NIFI-11438: ----------------------------- Fix Version/s: 2.0.0 > OIDC requests all available scopes > ---------------------------------- > > Key: NIFI-11438 > URL: https://issues.apache.org/jira/browse/NIFI-11438 > Project: Apache NiFi > Issue Type: Bug > Components: Security > Affects Versions: 1.21.0 > Environment: Windows ADFS used for OIDC > Reporter: Jody DesRoches > Assignee: David Handermann > Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > OIDC configuration that works with 1.20.0 fails to login with version 1.21.0. > Logging exceptions in ADFS that indicate NiFi is requesting forbidden > resources. > NiFi is requesting all scopes listed in > ../adfs/.well-known/openid-configuration under {_}scopes_supported{_}. > *Expected* only request scopes "{_}openid{_} _email"_ plus values in > "{_}nifi.security.user.oidc.additional.scopes"{_} > Source code affecting scope selection: > [https://github.com/apache/nifi/blob/3322ad7a20c99dec01ee0c3f530c0566acd13258/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/registration/StandardClientRegistrationProvider.java#L80] > -- This message was sent by Atlassian Jira (v8.20.10#820010)