nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nifi-san <nairsande...@gmail.com>
Subject Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Date Wed, 19 Sep 2018 09:43:02 GMT
Thanks for the reply.Please find below the authorizations.xml and user.xml;-

Authorizations.xml:-

<?xml version="1.0" encoding="UTF-8" standalone="true"?>
-<authorizations>
-<policies>
-<policy action="R" resource="/flow"
identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="R"
resource="/data/process-groups/e66f0489-0165-1000-4ffd-578079bc2961"
identifier="f2a6ce38-565b-3fb1-a02d-9e0c0fdaa59e">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="W"
resource="/data/process-groups/e66f0489-0165-1000-4ffd-578079bc2961"
identifier="05766804-6d66-3d49-a8f4-0d73b5ea2121">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="R"
resource="/process-groups/e66f0489-0165-1000-4ffd-578079bc2961"
identifier="d78cdb6e-344b-370d-8714-c4b7a88cf585">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="W"
resource="/process-groups/e66f0489-0165-1000-4ffd-578079bc2961"
identifier="d3910dff-c116-35bb-85f3-d6c2215d1cdb">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="W" resource="/restricted-components"
identifier="b8775bd4-704a-34c6-987b-84f2daf7a515">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="R" resource="/tenants"
identifier="627410be-1717-35b4-a06f-e9362b89e0b7">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="W" resource="/tenants"
identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="R" resource="/policies"
identifier="ff96062a-fa99-36dc-9942-0f6442ae7212">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="W" resource="/policies"
identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="R" resource="/controller"
identifier="2e1015cb-0fed-3005-8e0d-722311f21a03">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
-<policy action="W" resource="/controller"
identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf">
<user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</policy>
</policies>
</authorizations>

user.xml:-

<?xml version="1.0" encoding="UTF-8" standalone="true"?>
-<tenants>
<groups/>
-<users>
<user identity="CN=NADMIN, OU=NIFI"
identifier="991a6798-da54-3570-bf24-061e3ff2b099"/>
</users>
</tenants>

Errors in the user logs:-

2018-09-19 05:25:14,267 INFO [NiFi Web Server-22]
o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException:
Kerberos ticket login not supported by this NiFi.. Returning Conflict
response.
2018-09-19 05:25:14,688 INFO [NiFi Web Server-18]
o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException:
OpenId Connect is not configured.. Returning Conflict response.
2018-09-19 05:25:15,073 INFO [NiFi Web Server-164]
o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=NADMIN,
OU=NIFI) GET https://hostname1:9443/nifi-api/flow/current-user (source ip:
10.253.220.155)
2018-09-19 05:25:15,074 INFO [NiFi Web Server-164]
o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=NADMIN,
OU=NIFI
2018-09-19 05:25:15,149 INFO [NiFi Web Server-22]
o.a.n.w.s.NiFiAuthenticationFilter Attempting request for () GET
https://hostname1:9443/nifi-api/flow/current-user (source ip: 10.59.68.155)
2018-09-19 05:25:15,149 WARN [NiFi Web Server-22]
o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted
proxy CN=hostname1:9443, OU=NIFI

Shouldn’t the authorizations.xml get automatically generated?
Strange this is, it works fine on the standalone node.






--
Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/

Mime
View raw message