Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
SAML authentication introduced the concept of Identity User Groups and used a local H2 database for persisting group membership as part of the Identity Provider authentication process. Updates to OIDC authentication also added support for supplying group membership from the Identity Provider.
Following implementation refactoring for both SAML and OIDC, the application Bearer Token generation and signing process has been streamlined. The streamlined approach allows the framework to pass the Identity Provider groups directly to the Bearer Token Provider, obviating the need for H2 database persistence.
The integration approach should be refactored to remove the Identity Provider User Group persistence in H2, and instead pass the provider group membership through the application Bearer Token.
Attachments
Issue Links
- causes
-
NIFI-12418 Identity Provider Groups Missing in Refreshed Bearer Token
- Resolved
- links to