[nifi] branch main updated: NIFI-12141 This closes #7805. Update README about HTTPS and OpenID Authentication for Docker Image

Thu, 28 Sep 2023 14:11:02 -0700 

This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new b8fd22e065 NIFI-12141 This closes #7805. Update README about HTTPS and 
OpenID Authentication for Docker Image
b8fd22e065 is described below

commit b8fd22e0659549f89db831460c1312686fb51b95
Author: Marcelo Vinícius de Sousa Campos <mr....@hotmail.com>
AuthorDate: Thu Sep 28 09:52:22 2023 -0300

    NIFI-12141 This closes #7805. Update README about HTTPS and OpenID 
Authentication for Docker Image
    
    According to this recent issue 
[NIFI-12135](https://issues.apache.org/jira/browse/NIFI-12135) I've forgotten 
to add 2 missing environment variables about OIDC configurations for docker 
image:
    
    - NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS and
    - NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW
    
    Signed-off-by: Joseph Witt <joew...@apache.org>
---
 nifi-docker/dockerhub/README.md | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md
index 422e6dcf13..a3e8388ae5 100644
--- a/nifi-docker/dockerhub/README.md
+++ b/nifi-docker/dockerhub/README.md
@@ -188,7 +188,7 @@ user with administrative privileges.
 ### For a minimal, connection to an OpenID server
 
     docker run --name nifi \
-      -v /User/dreynolds/certs/localhost:/opt/certs \
+      -v $(pwd)/certs/localhost:/opt/certs \
       -p 8443:8443 \
       -e AUTH=oidc \
       -e KEYSTORE_PATH=/opt/certs/keystore.jks \
@@ -198,16 +198,18 @@ user with administrative privileges.
       -e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
       -e TRUSTSTORE_TYPE=JKS \
       -e INITIAL_ADMIN_IDENTITY='test' \
-      -e NIFI_SECURITY_USER_OIDC_DISCOVERY_URL: 
http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration
 \
-      -e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT: 10000 \
-      -e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT: 10000 \
-      -e NIFI_SECURITY_USER_OIDC_CLIENT_ID: nifi \
-      -e NIFI_SECURITY_USER_OIDC_CLIENT_SECRET: 
tU47ugXO308WZqf5TtylyoMX3xH6W0kN \
-      -e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM: RS256 \
-      -e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: email \
-      -e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username \
-      -e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER: email \
-      -e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY: PKIX \
+      -e 
NIFI_SECURITY_USER_OIDC_DISCOVERY_URL=http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration
 \
+      -e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT=10000 \
+      -e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT=10000 \
+      -e NIFI_SECURITY_USER_OIDC_CLIENT_ID=nifi \
+      -e 
NIFI_SECURITY_USER_OIDC_CLIENT_SECRET=tU47ugXO308WZqf5TtylyoMX3xH6W0kN \
+      -e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM=RS256 \
+      -e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES=email \
+      -e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username \
+      -e NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS=admin \
+      -e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER=email \
+      -e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY=PKIX \
+      -e NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW='60 secs' \
       -d \
       apache/nifi:latest

Reply via email to