Apache NiFi / NIFI-11252

OIDC secret properties that are encrypted by default are not being decrypted in NiFi Registry


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.20.0
    • Fix Version/s: 2.0.0, 1.21.0
    • Component/s: NiFi Registry
    • Labels: None

    Description

      Since upgrading to 1.20.0 from 1.16.2 I have been getting the following error: Unable to exchange authorization for ID token: An error occurred while invoking the Token endpoint: Invalid client secret

      In version 1.20.0, nifi.registry.security.user.oidc.client.secret has been added to the default list of properties that are encrypted by the NiFi Toolkit's property encryption tool; however, it has not been added to the ProtectedNiFiRegistryProperties file, which is used to read and decrypt these properties.

      This results in the encrypted string being passed to the OIDC provider, resulting in the error above.

      I have gotten around this issue for the time being by setting the following property.

      nifi.registry.sensitive.props.additional.keys=nifi.registry.security.user.oidc.client.secret 
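
The mismatch described in this report can be checked for in a properties file before the service starts. The script below is an added example, not code from the report or from the NiFi project. It assumes the toolkit marks each encrypted value with a sibling "<key>.protected" entry, and READER_SENSITIVE_KEYS is a hypothetical stand-in for the reader's built-in list; the sample file contents are constructed.

```python
PROTECTED_SUFFIX = ".protected"
ADDITIONAL_KEYS = "nifi.registry.sensitive.props.additional.keys"

# Assumption: stand-in for the reader's built-in sensitive key list,
# which on the affected version lacks the OIDC client secret.
READER_SENSITIVE_KEYS = {
    "nifi.registry.security.keystorePasswd",
    "nifi.registry.security.keyPasswd",
    "nifi.registry.security.truststorePasswd",
}

# Constructed sample file; values are placeholders, not real ciphertext.
SAMPLE = """\
# nifi-registry.properties (constructed)
nifi.registry.security.keystorePasswd=PLACEHOLDER_IV||PLACEHOLDER_CIPHERTEXT
nifi.registry.security.keystorePasswd.protected=aes/gcm/256
nifi.registry.security.user.oidc.client.secret=PLACEHOLDER_IV||PLACEHOLDER_CIPHERTEXT
nifi.registry.security.user.oidc.client.secret.protected=aes/gcm/256
"""
WORKAROUND = SAMPLE + ADDITIONAL_KEYS + "=nifi.registry.security.user.oidc.client.secret\n"


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def undecrypted_keys(text, reader_keys=READER_SENSITIVE_KEYS):
    """Return keys marked as encrypted that the reader would pass on as ciphertext."""
    props = parse_properties(text)
    known = set(reader_keys)
    extra = props.get(ADDITIONAL_KEYS, "")
    known.update(k.strip() for k in extra.split(",") if k.strip())
    flagged = []
    for key, scheme in props.items():
        if key.endswith(PROTECTED_SUFFIX) and scheme:
            base = key[: -len(PROTECTED_SUFFIX)]
            if base in props and base not in known:
                flagged.append(base)
    return sorted(flagged)


if __name__ == "__main__":
    print("without workaround:", undecrypted_keys(SAMPLE))
    print("with workaround:", undecrypted_keys(WORKAROUND))
```
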

            People

              rvandenbos Ryan
              rvandenbos Ryan

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 0.5h