nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MUTHUKRISHNAN, KARTHIKEYAN" <km9...@att.com>
Subject Re: NiFi Error on SSL Setup for cluster UI not loading - Insufficient Permissions Untrusted proxy
Date Tue, 05 Jan 2021 15:42:59 GMT
Hi Team,

Can you help us to troubleshoot this issue ?


Thanks & Regards,
M.Karthikeyan.


________________________________
From: MUTHUKRISHNAN, KARTHIKEYAN
Sent: Tuesday, December 22, 2020 7:08 PM
To: dev@nifi.apache.org <dev@nifi.apache.org>
Cc: RANJAN, RAJIV <rr0517@att.com>; RAJU, JOSEPH <jr490a@att.com>
Subject: NiFi Error on SSL Setup for cluster UI not loading - Insufficient Permissions Untrusted
proxy

Hi Team,

I have created a NiFi cluster with 3 nodes and configured SSL for all 3 eith self signed certs
generated for all 3 nodes and a admin user cert. I have also configured authorization.xml
and nifi.properties acordingly as prescribed. I can see users.xml and authorizers.xml getting
generated properly with Initial Admin configured with cert admin id. All looks good in my
config files. But i am getting following error in ui : Insufficient Permissions Untrusted
proxy CN=XXXX.YY.ZZ.com, OU=NIFI

nifi-user Logs looks as with below errors,

2020-12-22 13:05:27,375 INFO [NiFi Web Server-61] o.a.n.w.s.NiFiAuthenticationFilter Attempting
request for (CN=nifi-admin) GET https://XXXX.YY.ZZ.com:9443/nifi-api/flow/current-user (source
ip: xx.xx.xx.xxx)
2020-12-22 13:05:27,380 INFO [NiFi Web Server-61] o.a.n.w.s.NiFiAuthenticationFilter Authentication
success for CN=nifi-admin
2020-12-22 13:05:53,219 INFO [NiFi Web Server-61] o.a.n.w.s.NiFiAuthenticationFilter Attempting
request for (<CN=nifi-admin><CN=XXXX.YY.ZZ.com, OU=NIFI>) GET https://XXXX.YY.ZZ.com:9443/nifi-api/flow/current-user
(source ip: 130.6.168.62)
2020-12-22 13:05:53,226 WARN [NiFi Web Server-61] o.a.n.w.s.NiFiAuthenticationFilter Rejecting
access to web api: Untrusted proxy CN=XXXX.YY.ZZ.com, OU=NIFI

Could you please help me to narrow down if i am missing anything other than specified on documentations
?


Thanks & Regards,
M.Karthikeyan.


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message