This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new b8fd22e065 NIFI-12141 This closes #7805. Update README about HTTPS and OpenID Authentication for Docker Image b8fd22e065 is described below commit b8fd22e0659549f89db831460c1312686fb51b95 Author: Marcelo VinÃcius de Sousa Campos <mr....@hotmail.com> AuthorDate: Thu Sep 28 09:52:22 2023 -0300 NIFI-12141 This closes #7805. Update README about HTTPS and OpenID Authentication for Docker Image According to this recent issue [NIFI-12135](https://issues.apache.org/jira/browse/NIFI-12135) I've forgotten to add 2 missing environment variables about OIDC configurations for docker image: - NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS and - NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW Signed-off-by: Joseph Witt <joew...@apache.org> --- nifi-docker/dockerhub/README.md | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md index 422e6dcf13..a3e8388ae5 100644 --- a/nifi-docker/dockerhub/README.md +++ b/nifi-docker/dockerhub/README.md @@ -188,7 +188,7 @@ user with administrative privileges. ### For a minimal, connection to an OpenID server docker run --name nifi \ - -v /User/dreynolds/certs/localhost:/opt/certs \ + -v $(pwd)/certs/localhost:/opt/certs \ -p 8443:8443 \ -e AUTH=oidc \ -e KEYSTORE_PATH=/opt/certs/keystore.jks \ @@ -198,16 +198,18 @@ user with administrative privileges. -e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \ -e TRUSTSTORE_TYPE=JKS \ -e INITIAL_ADMIN_IDENTITY='test' \ - -e NIFI_SECURITY_USER_OIDC_DISCOVERY_URL: http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration \ - -e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT: 10000 \ - -e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT: 10000 \ - -e NIFI_SECURITY_USER_OIDC_CLIENT_ID: nifi \ - -e NIFI_SECURITY_USER_OIDC_CLIENT_SECRET: tU47ugXO308WZqf5TtylyoMX3xH6W0kN \ - -e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM: RS256 \ - -e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: email \ - -e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username \ - -e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER: email \ - -e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY: PKIX \ + -e NIFI_SECURITY_USER_OIDC_DISCOVERY_URL=http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration \ + -e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT=10000 \ + -e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT=10000 \ + -e NIFI_SECURITY_USER_OIDC_CLIENT_ID=nifi \ + -e NIFI_SECURITY_USER_OIDC_CLIENT_SECRET=tU47ugXO308WZqf5TtylyoMX3xH6W0kN \ + -e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM=RS256 \ + -e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES=email \ + -e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username \ + -e NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS=admin \ + -e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER=email \ + -e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY=PKIX \ + -e NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW='60 secs' \ -d \ apache/nifi:latest