Hello! I'm trying to set up Nifi-Registry OIDC authentication with Windows ADFS as oidc provider, but have no luck. Using self-signed sertificates for SSL connection i'm able to LOGIN in web interface with initial admin and create some groups with different priveleges, for examle nifi-reg-admins with full rights. In Active Directory this group is also present and the user nifi-admin-2@blackboks.ru is member of this group. In ADFS Management a have setup template Server application accessing a web API with issuance transform rule as "Send Groupmembership as a Claim". Respectively i choose nifi-reg-admins group as User group, Outgoing claim type - Group and Outgoing claim value - nifi-reg-admins. I can login with nifi-admin-2@blackboks.ru into web interface, but there is no admin priveleges at all and in logs i see this: INFO [NiFi Registry Web Server-39] o.a.n.r.w.m.AccessDeniedExceptionMapper identity[nifi-admin-2@blackboks.ru], groups[] does not have permission to access the requested resource. Unable to view users/user groups. Returning Forbidden response. It's like i don't have any groups but i do.. Here is OIDC sections in property file: nifi.registry.security.user.oidc.discovery.url=https://adfs.blackboks.ru/adfs/.well-known/openid-configuration
nifi.registry.security.user.oidc.connect.timeout=5 secs
nifi.registry.security.user.oidc.read.timeout=5 secs
nifi.registry.security.user.oidc.client.id=id
nifi.registry.security.user.oidc.client.secret=secret
nifi.registry.security.user.oidc.preferred.jwsalgorithm=RS256
nifi.registry.security.user.oidc.claim.groups=group
nifi.registry.security.user.oidc.claim.identifying.user=upn
nifi.registry.security.user.oidc.additional.scopes=openid,cn,email,group,role,roles,profile,offline_access Please help me to accomplish this
... View more
