Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.16.0, 1.17.0
-
None
Description
NiFi Registry users that should be authorized to add users and change policies are unable to make changes through the user interface after authenticating with OpenID Connect.
From a new installation of NiFI Registry integrated with an OpenID Connect provider, the Add User button is disabled for the Initial Admin Identity configured in the file-access-policy-provider properties.
Evaluating HTTP requests and responses, NiFi Registry makes an initial request to /nifi-registry-api/config and receives an HTTP 401 Unauthorized response for the unauthenticated anonymous user. After selecting Login and authenticating with the OpenID Connect provider, the Add User button remains disabled.
The problem is that the user interface does not refresh the Registry Configuration after a successful OIDC login. The Registry Configuration indicates whether the Registry Authorizer is configurable, which controls whether the Add User button is disabled. Authentication with username and password credentials using Kerberos or LDAP works based on a subsequent request to /nifi-registry-api/config after a successful login.
The user interface should be modified to refresh the Registry Configuration following a successful OIDC login.
Attachments
Issue Links
- links to