[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: macdoor network topology.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, macdoor network topology.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: macdoor network topology.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: macdoor network topology.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, macdoor network topology.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: RFC6749 flow.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: Oracle OAuth 2.0 Flow notes.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: image-2023-04-13-14-10-09-263.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: image-2023-04-13-14-10-23-436.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: oracle oauth_revoke_token_flow.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png,
> image-2023-04-13-14-10-09-263.png, image-2023-04-13-14-10-23-436.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: RFC OAuth 2.0 Flow notes.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png,
> image-2023-04-13-14-10-09-263.png, image-2023-04-13-14-10-23-436.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: image-2023-04-13-14-10-23-436.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, image-2023-04-13-14-10-09-263.png,
> image-2023-04-13-14-10-23-436.png, oracle oauth_revoke_token_flow.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: image-2023-04-13-14-10-09-263.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, image-2023-04-13-14-10-09-263.png,
> image-2023-04-13-14-10-23-436.png, oracle oauth_revoke_token_flow.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: oracle oauth_revoke_token_flow.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, oracle oauth_revoke_token_flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: Oracle OAuth 2.0 Flow notes.png
RFC OAuth 2.0 Flow notes.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-11409:
Summary: OIDC Token Revocation Error on Logout (was: nifi cluster cannot
logout with oidc authentication)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
