nifi-dev mailing list archives

From Peter Wilcsinszky <peterwilcsins...@gmail.com>
Subject Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Date Tue, 18 Sep 2018 11:55:50 GMT
Hi,

are your hosts registered in LDAP properly? If you don't want them to come
from LDAP then they should come from the file-user-group-provider as
initial user identities in addition to your "Initial User Identity 1".

Peter

On Tue, Sep 18, 2018 at 11:54 AM nifi-san <nairsandeepk@gmail.com> wrote:

> Hello,
>
> We are trying to integrate Nifi-7.1 with SSL and LDAP.
>
> We have two different Nifi installations, one which is a standalone node and
> the other which is a three node cluster.
>
> Nifi Standalone:-
> We were able to successfully integrate the Standalone node with SSL and
> login to the Nifi UI with the client certificate.
>
> Nifi Cluster:-
> With the same configurations for authorizers.xml as is for the Nifi
> standalone, on the Nifi cluster nodes, we get the below error:-
>
> ERROR:-
> ********************************************
> Insufficient Permissions
> Untrusted proxy CN=host1, OU=NIFI
> ********************************************
>
> The authorizers.xml configurations on the cluster is as follows:-
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <authorizers>
>     <userGroupProvider>
>         <identifier>file-user-group-provider</identifier>
>         <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
>         <property name="Users File">/opt/app/resources/nifi/users.xml</property>
>         <property name="Legacy Authorized Users File"></property>
>
>         <property name="Initial User Identity 1">CN=NADMIN, OU=NIFI</property>
>     </userGroupProvider>
>     <accessPolicyProvider>
>         <identifier>file-access-policy-provider</identifier>
>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>         <property name="User Group Provider">file-user-group-provider</property>
>         <property name="Authorizations File">/opt/app/resources/nifi/authorizations.xml</property>
>         <property name="Initial Admin Identity">CN=NADMIN, OU=NIFI</property>
>         <property name="Legacy Authorized Users File"></property>
>
>         <property name="ohlvnfiap002dd.oh.dev.dat.aws.vz-connect.net"></property>
>         <property name="Node Identity 1">CN=host1, OU=NIFI</property>
>         <property name="Node Identity 2">CN=host2, OU=NIFI</property>
>         <property name="Node Identity 3">CN=host3, OU=NIFI</property>
>     </accessPolicyProvider>
>     <authorizer>
>         <identifier>managed-authorizer</identifier>
>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>         <property name="Access Policy Provider">file-access-policy-provider</property>
>     </authorizer>
> </authorizers>
>
> We have checked the FQDN and the CN Name of the certificates generated and
> all other configurations but could not identify anything specifically that
> could be the root cause of the issue.
>
> Apart from the above error with respect to privilege, we do not see any
> other error in the logs.
>
> The same configurations worked fine on Nifi-1.3, however, not sure why it
> does not work on Nifi-1.7.
> Also, it works fine on the standalone node but not on the cluster.
>
> Appreciate if you could provide any assistance on this as it has already
> been a while that we have been blocked because of this issue.
>
>
>
> --
> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
>
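
The check suggested in the reply above, written as an added example (not code from the thread or from the NiFi project): it parses an authorizers.xml and reports every node or admin identity named in an access policy provider that the referenced user group provider does not declare as an initial user. It assumes a FileUserGroupProvider (LDAP or composite providers are not resolved) and exact string comparison of identities; the sample document is constructed from the configuration quoted in this thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration quoted in this thread.
SAMPLE = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
    <property name="Initial User Identity 1">CN=NADMIN, OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Initial Admin Identity">CN=NADMIN, OU=NIFI</property>
    <property name="Node Identity 1">CN=host1, OU=NIFI</property>
    <property name="Node Identity 2">CN=host2, OU=NIFI</property>
  </accessPolicyProvider>
</authorizers>"""


def _props(elem, pattern):
    """Non-empty values of <property> children whose name matches pattern."""
    pairs = ((p.get("name", "").strip(), (p.text or "").strip())
             for p in elem.findall("property"))
    return [v for n, v in pairs if v and re.fullmatch(pattern, n)]


def unknown_identities(xml_text):
    """Map each access policy provider id to the node/admin identities that
    its user group provider does not declare as an initial user."""
    root = ET.fromstring(xml_text)
    users = {ugp.findtext("identifier", "").strip():
             set(_props(ugp, r"Initial User Identity .+"))
             for ugp in root.findall("userGroupProvider")}
    missing = {}
    for app in root.findall("accessPolicyProvider"):
        ref = (_props(app, r"User Group Provider") or [""])[0]
        needed = _props(app, r"Node Identity .+|Initial Admin Identity")
        # Exact, case- and whitespace-sensitive comparison (assumption).
        gaps = [i for i in needed if i not in users.get(ref, set())]
        if gaps:
            missing[app.findtext("identifier", "").strip()] = gaps
    return missing


if __name__ == "__main__":
    for provider, ids in unknown_identities(SAMPLE).items():
        print(provider, "references identities with no user entry:", ids)
```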
