[ 
https://issues.apache.org/jira/browse/NIFI-7332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17153065#comment-17153065
 ] 

ASF subversion and git services commented on NIFI-7332:
-------------------------------------------------------

Commit 43fb57e7bb4b3a3a7714578816ab57ece63349c8 in nifi's branch 
refs/heads/main from mtien
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=43fb57e ]

NIFI-7332 Added method to log available claim names from the ID provider 
response when the OIDC Identifying User claim is not found. Revised log message 
to print available claims.
Added new StandardOidcIdentityProviderGroovyTest file.
Updated deprecated methods in StandardOidcIdentityProvider. Changed log output 
to print all available claim names from JWTClaimsSet. Added unit test.
Added comments in getAvailableClaims() method.
Fixed typos in NiFi Docs Admin Guide.
Added license to Groovy test.
Fixed a checkstyle error.
Refactor exchangeAuthorizationCode method.
Added unit tests.
Verified all unit tests added so far are passing.
Refactored code. Added unit tests.
Refactored OIDC provider to decouple constructor & network-dependent 
initialization.
Added unit tests.
Added unit tests.
Refactored OIDC provider to separately authorize the client. Added unit tests.
Added unit tests.

NIFI-7332 Refactored exchangeAuthorizationCode method to separately retrieve 
the NiFi JWT.

Signed-off-by: Nathan Gough <thena...@gmail.com>

This closes #4344.


> Improve communication to user when OIDC response does not contain usable 
> claims
> -------------------------------------------------------------------------------
>
>                 Key: NIFI-7332
>                 URL: https://issues.apache.org/jira/browse/NIFI-7332
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: M Tien
>            Priority: Major
>              Labels: oidc, security
>             Fix For: 1.12.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> The messaging displayed to the user/admin does not clearly indicate the 
> problem if the OIDC response does not contain a claim that NiFi is configured 
> to use (i.e. NiFi expects an {{email}} claim but the user does not have an 
> email configured on the OIDC IdP). 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to