OIDC AuthenticationClass cannot be shared with other products #716

Closed
@maltesander

Description

Affected Stackable version

24.11

Affected Apache NiFi version

1.27.0, 2.0.0

Current and expected behavior

The Stackable AuthenticationClass is used to share information about e.g. an OIDC endpoint between products.

apiVersion: authentication.stackable.tech/v1alpha1
kind: AuthenticationClass
metadata:
  name: keycloak
spec:
  provider:
    oidc:
      hostname: sdp-keycloak.tech
      port: 443
      principalClaim: preferred_username
      rootPath: /realms/sdp
     ...

This configuration would work with other Stackable products like Trino and Superset, but fails in NiFi.
The reason is that NiFi expects a trailing slash in the rootPath and fails to configure if it's missing. Other products do not need that.

Possible solution

Consolidate the NiFi operator code to be able to share (OIDC) AuthenticationClasses with other products without breaking.

Additional context

A workaround is to not share the AuthenticationClass with other Stackable products, but create a new AuthenticationClass with the trailing slash fixed:

apiVersion: authentication.stackable.tech/v1alpha1
kind: AuthenticationClass
metadata:
  name: keycloak-nifi-fix
spec:
  provider:
    oidc:
      hostname: sdp-keycloak.tech
      port: 443
      principalClaim: preferred_username
      rootPath: /realms/sdp/
     ...

Environment

No response

Would you like to work on fixing this bug?

None
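
The trailing-slash mismatch described in this issue, as an added example that is not the NiFi operator's code: it assumes the failure comes from appending the OIDC discovery suffix directly to `rootPath`, and shows a consumer that accepts both spellings so one AuthenticationClass can be shared. The struct and function names are hypothetical, and `https` is assumed because the page uses port 443.

```rust
/// OIDC provider settings, mirroring the fields shown in the AuthenticationClass.
/// (Hypothetical struct for this example, not the operator's own type.)
pub struct OidcProvider<'a> {
    pub hostname: &'a str,
    pub port: u16,
    pub root_path: &'a str,
}

/// Standard OIDC discovery document location, relative to the issuer path.
const WELL_KNOWN: &str = ".well-known/openid-configuration";

/// Assumed failure mode: the suffix is glued onto `rootPath` as-is, so the
/// result is only a valid discovery URL when `rootPath` ends in '/'.
pub fn naive_discovery_url(p: &OidcProvider) -> String {
    format!("https://{}:{}{}{}", p.hostname, p.port, p.root_path, WELL_KNOWN)
}

/// Tolerant consumer: strips leading/trailing slashes from `rootPath` and
/// re-adds exactly one on each side, so "/realms/sdp" and "/realms/sdp/"
/// (and an empty or "/" root) all yield a well-formed URL.
pub fn normalized_discovery_url(p: &OidcProvider) -> String {
    let trimmed = p.root_path.trim_matches('/');
    let path = if trimmed.is_empty() {
        String::from("/")
    } else {
        format!("/{trimmed}/")
    };
    format!("https://{}:{}{}{}", p.hostname, p.port, path, WELL_KNOWN)
}

fn main() {
    // The two rootPath spellings from the issue.
    for root_path in ["/realms/sdp", "/realms/sdp/"] {
        let p = OidcProvider { hostname: "sdp-keycloak.tech", port: 443, root_path };
        println!("rootPath {root_path:<14} naive:      {}", naive_discovery_url(&p));
        println!("rootPath {root_path:<14} normalized: {}", normalized_discovery_url(&p));
    }
}
```
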
