nifi 1.17 + oidc UI timing out - Unauthorized error="invalid_token" Expired JWT

Question

Deployed a 3 node dockerized nifi cluster using oidc for authentication. Everything working as expected however, UI seems to be timing out after few minutes. Even with activity on the page.

Tried to increase below timeout params but still getting error as following. Any suggestions how to extend token lifetime or debug why it is expiring:

nifi.web.request.timeout=60 secs
nifi.security.user.oidc.connect.timeout=600 secs
nifi.security.user.oidc.read.timeout=600 secs

UPDATE: Digging further, found Bearer JWT shows below if decoded :

{
  "sub": "JONSNO",
  "aud": "https%3A%2F%2Fidp.xyz.com",
  "nbf": 1664290405,
  "iss": "https%3A%2F%2Fidp.xyz.com",
  "preferred_username": "JONSNO",
  "exp": 1664590706,
  "iat": 1664290405,
  "jti": "6c153a3e-6a58-441f-8265-02236fbe4de4"
}

Epoc time always defaulting to 300 seconds ( 5mins ) I could not find any parameter in nifi that can be used to modify it on client side? Anyone has any thoughts how to set it to more than that?

UPDATE:For those who are in the same boat, unless you can convince corporate to change the session timeout nifi 1.15 does not have any config to control from client side.Who knows ,Apache might add additional properties to configure timeout in future version. I ended up using SAML2 for federated access. — StrangerThinks, Jan 10 '23 at 21:32

score 1 · Answer 1 · answered Mar 02 '23 at 18:26

1

There exists an issue since 2018, however, there is some active contribution. https://issues.apache.org/jira/browse/NIFI-4890

answered Mar 02 '23 at 18:26

Michael Jobst

245
2
2

nifi 1.17 + oidc UI timing out - Unauthorized error="invalid_token" Expired JWT

1 Answers1