[jira] [Commented] (NIFI-4210) Add OpenId Connect support for authenticating users

Tue, 08 Aug 2017 19:30:23 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119325#comment-16119325
 ] 

ASF GitHub Bot commented on NIFI-4210:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2047
  
    I'm still reviewing. I have this working very well with Google being the 
IdP. One thing I have noticed in the `nifi-user.log` is that the token is 
logged at `INFO` level on every request. I believe this is from 
[`NiFiAuthenticationFilter:174`](https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java#L174-L174)
 (line 53 also prints the token). I think these lines should be fixed -- I 
understand wanting to print the incoming information to help with debugging, 
but I don't think the raw token should be printed here, so there should be some 
control logic or the `#toString()` method should be overridden. 
    
    ```
    2017-08-08 19:21:18,784 INFO [NiFi Web Server-18] 
o.a.n.w.s.NiFiAuthenticationFilter Attempting request for 
(eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbG9wcmVzdG8uYXBhY2hlQGdtYWlsLmNvbSIsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbSIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsb3ByZXN0by5hcGFjaGVAZ21haWwuY29tIiwia2lkIjoxLCJleHAiOjE1MDIyNDg4NzcsImlhdCI6MTUwMjI0NTI3OH0.hHb4zJljXgv9ja_x46nFjxkYAXgGmuPXtJEm44Mrxj4)
 GET https://localhost:9443/nifi-api/flow/current-user (source ip: 127.0.0.1)
    2017-08-08 19:21:18,839 INFO [NiFi Web Server-18] 
o.a.n.w.s.NiFiAuthenticationFilter Authentication success for 
alopresto.apa...@gmail.com
    2017-08-08 19:21:18,918 INFO [NiFi Web Server-84] 
o.a.n.w.s.NiFiAuthenticationFilter Attempting request for 
(eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbG9wcmVzdG8uYXBhY2hlQGdtYWlsLmNvbSIsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbSIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsb3ByZXN0by5hcGFjaGVAZ21haWwuY29tIiwia2lkIjoxLCJleHAiOjE1MDIyNDg4NzcsImlhdCI6MTUwMjI0NTI3OH0.hHb4zJljXgv9ja_x46nFjxkYAXgGmuPXtJEm44Mrxj4)
 GET https://localhost:9443/nifi-api/flow/client-id (source ip: 127.0.0.1)
    2017-08-08 19:21:18,920 INFO [NiFi Web Server-84] 
o.a.n.w.s.NiFiAuthenticationFilter Authentication success for 
alopresto.apa...@gmail.com
    ```
    



> Add OpenId Connect support for authenticating users
> ---------------------------------------------------
>
>                 Key: NIFI-4210
>                 URL: https://issues.apache.org/jira/browse/NIFI-4210
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Core UI
>            Reporter: Matt Gilman
>            Assignee: Matt Gilman
>
> Add support for authenticating users with the OpenId Connection 
> specification. Evaluate whether a new extension point is necessary to allow 
> for a given provider to supply custom code for instance to implement custom 
> token validation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to