nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nifi-san <>
Subject Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Date Tue, 18 Sep 2018 04:08:58 GMT

We are trying to integrate Nifi-7.1 with SSL and LDAP.

We have two different Nifi installation,one which is a standalone node and
the other which is a three node cluster.

Nifi Standalone:-
We were able to successfully integrate the Standalone node with SSL and
login to the Nifi UI with the client certificate.

Nifi Cluster:-
With the same configurations for authorizers.xml as is for the Nifi
standalone, on the Nifi cluster nodes,we get the below error:-

Insufficient Permissions  
Untrusted proxy CN=host1, OU=NIFI  

The authorizers.xml configurations on the cluster is as follows:-

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
        <property name="Users
        <property name="Legacy Authorized Users File"></property>

        <property name="Initial User Identity 1">CN=NADMIN,
        <property name="User Group
        <property name="Authorizations
        <property name="Initial Admin Identity">CN=NADMIN,
        <property name="Legacy Authorized Users File"></property>

        <property name="Node Identity 1">CN=host1, OU=NIFI</property>
<property name="Node Identity 2">CN=host2, OU=NIFI</property>
<property name="Node Identity 3">CN=host3, OU=NIFI</property>
        <property name="Access Policy

We have checked the FQDN and the CN Name of the certificates generated and
all other configurations but could not identify anything specifically that
could be the root cause of the issue.

Apart from the above error with respect to privilege, we do not see any
other error in the logs.

The same configurations worked fine on Nifi-1.3,however, not sure why it
does not work on Nifi-1.7.
Also, it works fine on the standalone node but not on the cluster.

Appreciate if you could provide any assistance on this as it has already
been a while that we have been blocked because of this issue.

Sent from:

View raw message