[ https://issues.apache.org/jira/browse/NIFI-4698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joseph Witt updated NIFI-4698:
------------------------------
    Fix Version/s:     (was: 1.5.0)

> Nifi Open ID Connect with Azure Active Directory fails to extract email from UserInfoToken
> ------------------------------------------------------------------------------------------
>
>                 Key: NIFI-4698
>                 URL: https://issues.apache.org/jira/browse/NIFI-4698
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.4.0
>         Environment: Microsoft Azure
>            Reporter: Raghu Somasundaram
>
> While integrating with Microsoft Azure Active Directory through OpenIDConnect, Azure AD sends back a JSON response without the "email" attribute. This causes NiFi to throw the following exception:
> 2017-12-12 16:34:20,442 ERROR [NiFi Web Server-67] org.apache.nifi.web.api.AccessResource Unable to exchange authorization for ID token: Unable to extract email from the UserInfo token.
> java.lang.IllegalStateException: Unable to extract email from the UserInfo token.
>         at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.lookupEmail(StandardOidcIdentityProvider.java:352)
>         at org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.exchangeAuthorizationCode(StandardOidcIdentityProvider.java:306)
>         at org.apache.nifi.web.security.oidc.OidcService.exchangeAuthorizationCode(OidcService.java:192)
>         at org.apache.nifi.web.api.AccessResource.oidcCallback(AccessResource.java:256)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>         at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$VoidOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:167)
>         at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> The workaround is to extract the "upn" attribute for email. This code fix checks the JSON response for the "email" attribute. If email is empty, it returns the "upn" value as email. If both email and upn are empty, we throw the same exception as above.
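
The fallback order described in the issue, as an added example that is not part of the original message and is not NiFi's own code. The class name, the `lookupIdentity` and `claims` helpers, and the use of a plain `Map` in place of the UserInfo object are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Hypothetical stand-alone class; a plain Map stands in for the UserInfo claims.
public class UserInfoIdentityLookup {

    // Claims tried in order: standard OIDC "email", then the "upn" named in the issue.
    private static final List<String> IDENTITY_CLAIMS = Arrays.asList("email", "upn");

    // Returns the first usable claim; absent, null, non-string or blank counts as empty.
    static String lookupIdentity(Map<String, Object> claims) {
        for (String name : IDENTITY_CLAIMS) {
            Object value = claims.get(name);
            if (value instanceof String && !((String) value).trim().isEmpty()) {
                return ((String) value).trim();
            }
        }
        // Same message as the exception in the report, so existing log searches still match.
        throw new IllegalStateException("Unable to extract email from the UserInfo token.");
    }

    // Helper to build constructed sample claim sets from key/value pairs.
    static Map<String, Object> claims(Object... kv) {
        Map<String, Object> m = new HashMap<>();
        for (int i = 0; i < kv.length; i += 2) {
            m.put((String) kv[i], kv[i + 1]);
        }
        return m;
    }

    public static void main(String[] args) {
        // All values below are constructed samples, not real identity-provider output.
        System.out.println(lookupIdentity(claims("email", "alice@example.com", "upn", "alice@tenant.example.com")));
        System.out.println(lookupIdentity(claims("sub", "constructed-sub", "upn", "bob@tenant.example.com")));
        System.out.println(lookupIdentity(claims("email", "   ", "upn", "carol@tenant.example.com")));
        System.out.println(lookupIdentity(claims("email", 42, "upn", "dave@tenant.example.com")));
        try {
            lookupIdentity(claims("sub", "constructed-sub"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the first usable claim wins, an account whose "email" and "upn" values differ resolves to the "email" value whenever both are present.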