NIFI-12141 This closes #7805. Update README about HTTPS and OpenID Authentication for Docker Image

According to this recent issue [NIFI-12135](https://issues.apache.org/jira/browse/NIFI-12135), I've forgotten to add 2 missing environment variables for the OIDC configuration of the Docker image:

- NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS and
- NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW

Signed-off-by: Joseph Witt <joewitt@apache.org>
Marcelo Vinícius de Sousa Campos 2023-09-28 09:52:22 -03:00 committed by Joseph Witt
parent db727aa419
commit b8fd22e065
No known key found for this signature in database
GPG Key ID: 9093BF854F811A1A
1 changed files with 13 additions and 11 deletions

@ -188,7 +188,7 @@ user with administrative privileges.
### For a minimal, connection to an OpenID server
docker run --name nifi \
-v /User/dreynolds/certs/localhost:/opt/certs \
-v $(pwd)/certs/localhost:/opt/certs \
-p 8443:8443 \
-e AUTH=oidc \
-e KEYSTORE_PATH=/opt/certs/keystore.jks \
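Review bot: The new bind mount `-v $(pwd)/certs/localhost:/opt/certs` leaves `$(pwd)` unquoted, so the command breaks when the working directory contains spaces; write it as `-v "$(pwd)/certs/localhost:/opt/certs"`. The directory holds the keystore referenced by KEYSTORE_PATH, so if the container only needs to read it, consider mounting it read-only with a `:ro` suffix. The context heading "For a minimal, connection to an OpenID server" also has a stray comma that could be fixed while this section is being touched.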
@ -198,16 +198,18 @@ user with administrative privileges.
-e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
-e TRUSTSTORE_TYPE=JKS \
-e INITIAL_ADMIN_IDENTITY='test' \
-e NIFI_SECURITY_USER_OIDC_DISCOVERY_URL: http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration \
-e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT: 10000 \
-e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT: 10000 \
-e NIFI_SECURITY_USER_OIDC_CLIENT_ID: nifi \
-e NIFI_SECURITY_USER_OIDC_CLIENT_SECRET: tU47ugXO308WZqf5TtylyoMX3xH6W0kN \
-e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM: RS256 \
-e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: email \
-e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username \
-e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER: email \
-e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY: PKIX \
-e NIFI_SECURITY_USER_OIDC_DISCOVERY_URL=http://OPENID_SERVER_URL/auth/realms/OPENID_REALM/.well-known/openid-configuration \
-e NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT=10000 \
-e NIFI_SECURITY_USER_OIDC_READ_TIMEOUT=10000 \
-e NIFI_SECURITY_USER_OIDC_CLIENT_ID=nifi \
-e NIFI_SECURITY_USER_OIDC_CLIENT_SECRET=tU47ugXO308WZqf5TtylyoMX3xH6W0kN \
-e NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM=RS256 \
-e NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES=email \
-e NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER=preferred_username \
-e NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS=admin \
-e NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER=email \
-e NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY=PKIX \
-e NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW='60 secs' \
-d \
apache/nifi:latest
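Review bot: On the added line `-e NIFI_SECURITY_USER_OIDC_CLAIM_GROUPS=admin`, the value reads like a group name, but this property takes the name of the ID token claim that carries the user's groups; an example value such as `groups` would be less misleading. The discovery URL on the rewritten `NIFI_SECURITY_USER_OIDC_DISCOVERY_URL=` line still uses `http://`, so discovery metadata would be fetched in cleartext in an example that otherwise sets up a keystore, a truststore and a PKIX truststore strategy; `https://` fits better. The example also keeps literal-looking values for NIFI_SECURITY_USER_OIDC_CLIENT_SECRET and TRUSTSTORE_PASSWORD; obvious placeholders would discourage copy-paste reuse, and a short sentence in the README documenting the `'60 secs'` format for NIFI_SECURITY_USER_OIDC_TOKEN_REFRESH_WINDOW would help.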