This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new b8fd22e065 NIFI-12141 This closes #7805. Update README about HTTPS and
OpenID Authentication for Docker Image
b8fd22e065 is described below
commit b8fd22e0659549f89db831460c1312686fb51b95
Author: Marcelo Vinícius de Sousa Campos
AuthorDate: Thu Sep 28 09:52:22 2023 -0300
NIFI-12141 This closes #7805. Update README about HTTPS and OpenID
Authentication for Docker Image
According to this recent issue
[NIFI-12135](https://issues.apache.org/jira/browse/NIFI-12135) I've forgotten
to add 2 missing environment variables about OIDC configurations for docker
image:
- NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS and
- NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW
Signed-off-by: Joseph Witt
---
nifi-docker/dockerhub/README.md | 24 +---
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md
index 422e6dcf13..a3e8388ae5 100644
--- a/nifi-docker/dockerhub/README.md
+++ b/nifi-docker/dockerhub/README.md
@@ -188,7 +188,7 @@ user with administrative privileges.
### For a minimal, connection to an OpenID server
docker run --name nifi \
- -v /User/dreynolds/certs/localhost:/opt/certs \
+ -v $(pwd)/certs/localhost:/opt/certs \
-p 8443:8443 \
-e AUTH=oidc \
-e KEYSTORE_PATH=/opt/certs/keystore.jks \
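Review bot: the new `-v $(pwd)/certs/localhost:/opt/certs` line leaves the command substitution unquoted, so the bind mount argument is split if the working directory path contains a space. Suggest `-v "$(pwd)/certs/localhost:/opt/certs"`. Since the mount source now depends on where the command is run, the README should also say that `certs/localhost` is expected under the current directory and must contain the `keystore.jks` referenced by `KEYSTORE_PATH`.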
@@ -198,16 +198,18 @@ user with administrative privileges.
-e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
-e TRUSTSTORE_TYPE=JKS \
-e INITIAL_ADMIN_IDENTITY='test' \
- -e NIFI_SECURITY_USER_OIDC_DISCOVERY_URL:
http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration
\
- -e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT: 1 \
- -e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT: 1 \
- -e NIFI_SECURITY_USER_OIDC_CLIENT_ID: nifi \
- -e NIFI_SECURITY_USER_OIDC_CLIENT_SECRET:
tU47ugXO308WZqf5TtylyoMX3xH6W0kN \
- -e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM: RS256 \
- -e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: email \
- -e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username \
- -e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER: email \
- -e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY: PKIX \
+ -e
NIFI_SECURITY_USER_OIDC_DISCOVERY_URL=http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration
\
+ -e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT=1 \
+ -e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT=1 \
+ -e NIFI_SECURITY_USER_OIDC_CLIENT_ID=nifi \
+ -e
NIFI_SECURITY_USER_OIDC_CLIENT_SECRET=tU47ugXO308WZqf5TtylyoMX3xH6W0kN \
+ -e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM=RS256 \
+ -e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES=email \
+ -e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username \
+ -e NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS=admin \
+ -e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER=email \
+ -e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY=PKIX \
+ -e NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW='60 secs' \
-d \
apache/nifi:latest
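Review bot: the corrected `NIFI_SECURITY_USER_OIDC_DISCOVERY_URL=` line still points at an `http://` discovery endpoint, so this example fetches the provider metadata in clear text even though it sets `NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY=PKIX`. An `https://` URL would match the HTTPS purpose of this README section. On the added `NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS=admin` line, the neighbouring `..._CLAIM_IDENTIFYING_USER=preferred_username` takes a claim name, so `admin` reads like a group name rather than the name of the claim that carries groups. Either use a claim-style value or add a sentence saying what the variable expects. The `CLIENT_SECRET` and `TRUSTSTORE_PASSWORD` values look like real secrets. Obvious placeholders, in the style of `OPENID_SERVER_URL`, would stop readers from copying them verbatim.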