nifi-users mailing list archives

From Kevin Doran <kdo...@apache.org>
Subject Re: Nifi Registry LDAP
Date Tue, 10 Apr 2018 19:10:25 GMT
If everything is configured correctly, this error usually indicates that the server did not
locate your login credentials when processing the login request. That usually means it will
not even attempt to authenticate the credentials, so I'm not sure it is an LDAP configuration
error.

If you want to check this manually using developer tools in a browser (e.g., Chrome or Firefox)
you can look at the HTTP traffic to see if credentials are being passed to the server. NiFi
Registry uses the HTTP Basic Auth protocol to log in (credentials are encoded in the Authorization
header and passed to the server from the login page to generate a temporary authentication
token).

So after clicking "Login", you should look for an HTTP POST to <base_url>/nifi-registry-api/access/token/login,
which should have an "Authorization" header with the value "Basic {encoded-username-and-password}".

If the credentials are there, it is likely something is misconfigured on the server side with
the identity provider so that login credentials are not even being looked for. If the credentials
are not there... well I've never seen that. I would probably ask if your NiFi Registry Server is
running behind a load balancer or proxy that could be interfering with HTTP headers?

What version of NiFi Registry are you using? 0.1.0 or a version built from source?

Hope this helps,

Kevin

On 4/10/18, 14:59, "Scott Howell" <scotthowell@mobilgov.com> wrote:

    Yes I did, I had Nifi-registry working with a local instance of LDAP running. It’s now not cooperating since I moved to using Jumpcloud.

    > On Apr 10, 2018, at 1:56 PM, Kevin Doran <kdoran@apache.org> wrote:
    >
    > Hi Scott,
    >
    > Did you configure nifi-registry.properties with:
    >
    > nifi.registry.security.identity.provider=ldap-identity-provider
    >
    > On 4/10/18, 14:53, "Scott Howell" <scotthowell@mobilgov.com> wrote:
    >
    >    Thanks for all the help yesterday standing up LDAP for NIFI. I was able to troubleshoot and fix the issues myself. I am running into a unique issue with my Nifi-Registry: when I try to log in with my LDAP credentials like I do for the nifi cluster, I get this in my logs:
    >
    >    2018-04-10 18:43:15,303 INFO [NiFi Registry Web Server-18] o.a.n.r.w.s.NiFiRegistrySecurityConfig AuthenticationEntryPoint invoked as no user identity credentials were found in the request.
    >
    >    My identity-providers.xml is this:

    >    <identityProviders>
    >        <provider>
    >            <identifier>ldap-identity-provider</identifier>
    >            <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
    >            <property name="Authentication Strategy">START_TLS</property>
    >            <property name="Manager DN">uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
    >            <property name="Manager Password">{redacted}</property>
    >            <property name="TLS - Keystore"></property>
    >            <property name="TLS - Keystore Password"></property>
    >            <property name="TLS - Keystore Type"></property>
    >            <property name="TLS - Truststore">/opt/certs/jumpcloud.jks</property>
    >            <property name="TLS - Truststore Password">{redacted}</property>
    >            <property name="TLS - Truststore Type">JKS</property>
    >            <property name="TLS - Client Auth"></property>
    >            <property name="TLS - Protocol">TLSv1.2</property>
    >            <property name="TLS - Shutdown Gracefully"></property>
    >            <property name="Referral Strategy">FOLLOW</property>
    >            <property name="Connect Timeout">10 secs</property>
    >            <property name="Read Timeout">10 secs</property>
    >            <property name="Url">ldap://ldap.jumpcloud.com:389</property>
    >            <property name="User Search Base">ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
    >            <property name="User Search Filter">uid={0}</property>
    >            <property name="Identity Strategy">USE_USERNAME</property>
    >            <property name="Authentication Expiration">12 hours</property>
    >        </provider>
    >    </identityProviders>

    > 

    >    For the most part I grabbed most of this from my Nifi node login-identity-providers.xml but I seem to have something messed up.

    > 

    > 
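
The manual browser check described in the reply above, as an added example (not part of the original thread and not NiFi Registry code): it reads a HAR capture saved from the browser's developer tools, finds each login POST and reports whether a well-formed Basic `Authorization` header was sent, without echoing the password. The host name, credentials and function names are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

LOGIN_PATH = "/nifi-registry-api/access/token/login"  # path quoted in the message above


def check_login_requests(har_text):
    """Return one finding per login POST found in a HAR capture."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        if req["method"] != "POST" or not urlsplit(req["url"]).path.endswith(LOGIN_PATH):
            continue
        # Header names are case-insensitive, so normalise before the lookup.
        headers = {h["name"].lower(): h["value"] for h in req["headers"]}
        findings.append({"url": req["url"], **classify(headers.get("authorization"))})
    return findings


def classify(value):
    """Describe an Authorization header value without exposing the password."""
    if value is None:
        return {"verdict": "missing", "username": None}
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return {"verdict": "not-basic", "username": None}
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bytes that are not UTF-8
        return {"verdict": "malformed", "username": None}
    username, sep, password = decoded.partition(":")
    if not sep or not username or not password:
        return {"verdict": "malformed", "username": username or None}
    return {"verdict": "ok", "username": username}


# Constructed sample capture: a login POST with credentials, one without, and a page load.
HOST = "https://registry.example.test:18443"
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "POST", "url": HOST + LOGIN_PATH, "headers": [
        {"name": "Authorization",
         "value": "Basic " + base64.b64encode(b"alice:not-a-real-password").decode()}]}},
    {"request": {"method": "POST", "url": HOST + LOGIN_PATH, "headers": [
        {"name": "Accept", "value": "*/*"}]}},
    {"request": {"method": "GET", "url": HOST + "/nifi-registry/", "headers": []}},
]}})

if __name__ == "__main__":
    for finding in check_login_requests(SAMPLE_HAR):
        print(finding["verdict"], finding["username"], finding["url"])
```

A HAR exported with sensitive headers stripped will report the header as missing, so capture with sensitive data included and delete the file afterwards, since it holds the encoded password.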

    

    

 

