NIFI-4781: Updated ClientAuthenticationMethod as optional field response from OpenID provider. This closes #2213

Senthilannaswamy 2017-10-10 13:05:48 +05:30 committed by Matt Gilman
parent 7c1ce17223
commit 790f14b8ef
No known key found for this signature in database
GPG Key ID: DF61EC19432AEE37
1 changed files with 11 additions and 5 deletions


@ -61,6 +61,7 @@ import org.slf4j.LoggerFactory;
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.net.URL; import java.net.URL;
import java.util.ArrayList;
import java.util.Calendar; import java.util.Calendar;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@ -68,6 +69,7 @@ import java.util.concurrent.TimeUnit;
import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME; import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME;
/** /**
* OidcProvider for managing the OpenId Connect Authorization flow. * OidcProvider for managing the OpenId Connect Authorization flow.
*/ */
@ -163,11 +165,15 @@ public class StandardOidcIdentityProvider implements OidcIdentityProvider {
} }
// ensure the oidc provider supports basic or post client auth // ensure the oidc provider supports basic or post client auth
final List<ClientAuthenticationMethod> clientAuthenticationMethods = oidcProviderMetadata.getTokenEndpointAuthMethods(); List<ClientAuthenticationMethod> clientAuthenticationMethods = oidcProviderMetadata.getTokenEndpointAuthMethods();
if (clientAuthenticationMethods == null logger.info("OpenId Connect: Available clientAuthenticationMethods {} ", clientAuthenticationMethods);
|| (!clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) if (clientAuthenticationMethods == null || clientAuthenticationMethods.isEmpty()) {
&& !clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_POST))) { clientAuthenticationMethods = new ArrayList<>();
clientAuthenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
oidcProviderMetadata.setTokenEndpointAuthMethods(clientAuthenticationMethods);
logger.warn("OpenId Connect: ClientAuthenticationMethods is null, Setting clientAuthenticationMethods as CLIENT_SECRET_BASIC");
} else if (!clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
&& !clientAuthenticationMethods.contains(ClientAuthenticationMethod.CLIENT_SECRET_POST)) {
throw new RuntimeException(String.format("OpenId Connect Provider does not support %s or %s", throw new RuntimeException(String.format("OpenId Connect Provider does not support %s or %s",
ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue(), ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue(),
ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue())); ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue()));
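Review bot: The fallback at `if (clientAuthenticationMethods == null || clientAuthenticationMethods.isEmpty())` treats an explicitly empty list the same as an omitted field, while the warning text mentions only null. OpenID Connect Discovery makes client_secret_basic the default only when token_endpoint_auth_methods_supported is omitted, so an empty array looks like a provider misconfiguration that is better left to the existing `throw` branch; narrowing the condition to `if (clientAuthenticationMethods == null) {` does that, since an empty list contains neither accepted method. A comment above the branch such as `// token_endpoint_auth_methods_supported is optional in OIDC Discovery; when omitted the default is client_secret_basic` would record why the default is safe. The call to `setTokenEndpointAuthMethods` also overwrites the discovered metadata, so code that reads it later (not visible here) cannot tell an advertised method from an assumed one. The enclosing method starts and ends outside the hunk.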