nifi-users mailing list archives

From Nicolas Delsaux <nicolas.dels...@gmx.fr>
Subject My nifi no more serve admin interface
Date Tue, 13 Aug 2019 13:40:15 GMT
I'm currently trying to implement ldap user group authorization in nifi.

For that, I've deployed nifi docker image with configuration files
containing required config elements (a ldap identity provider, a ldap
user group provider).

I've also configured https with a keystore/truststore that are injected
into docker container through volumes.

Once all is configured, I've taken the time to do some debug session to
make sure the FileAccessPolicyProvider correctly loads my user from
ldap, and it works ok.

Unfortunately, now, when I try to load Nifi admin interface, I get a
strange http response containing only the string "�P".

In other words,


nicolas-delsaux@NICOLASDELSAUX C:\Users\nicolas-delsaux
$ curl -v -H "Host: nifi-psh.adeo.com" http://localhost:38080/ --output -
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 38080 (#0)
 > GET / HTTP/1.1
 > Host: nifi-psh.adeo.com
 > User-Agent: curl/7.55.1
 > Accept: */*
 >
§♥♥ ☻☻P* Connection #0 to host localhost left intact


http does not work (which I expect, since I've configured
authentication/authorization)

nicolas-delsaux@NICOLASDELSAUX C:\Users\nicolas-delsaux
$ curl -v -H "Host: nifi-psh.adeo.com" https://localhost:38080/ --output -
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 38080 (#0)
* schannel: SSL/TLS connection with localhost port 38080 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 174 bytes...
* schannel: sent initial handshake data: sent 174 bytes
* schannel: SSL/TLS connection with localhost port 38080 (step 2/3)
* schannel: encrypted data got 7
* schannel: encrypted data buffer: offset 7 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE
(0x80090326) - This error usually occurs when a fatal SSL/TLS alert is
received (e.g. handshake failed). More detail may be available in the
Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with localhost port 38080
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed:
SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a
fatal SSL/TLS alert is received (e.g. handshake failed). More detail may
be available in the Windows System event log.

But neither does https

I guess there is something wrong with the certificate, but the log doesn't
seem to indicate any certificate misconfiguration.


What have I done wrong?
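
Added example, not part of the original message: the seven characters curl printed for the plain-HTTP request, mapped back to bytes and parsed as a TLS record. It assumes the console was rendering code page 437 glyphs and that the blank cell is a NUL byte; the function names are made up for this sketch.

```python
import struct

# Glyphs a CP437 Windows console draws for control bytes 0x01-0x1F.
CP437_LOW = "☺☻♥♦♣♠•◘○◙♂♀♪♫☼►◄↕‼¶§▬↨↑↓→←∟↔▲▼"
GLYPH_TO_BYTE = {g: i + 1 for i, g in enumerate(CP437_LOW)}

# Values from RFC 5246 (TLS 1.2): record content type, versions, alerts.
ALERT_RECORD = 21
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
    50: "decode_error", 70: "protocol_version", 80: "internal_error",
}

# Glyphs copied from the curl output above (text before "* Connection #0").
SAMPLE = "§♥♥ ☻☻P"


def glyphs_to_bytes(text, blank=0x00):
    """Map console glyphs back to bytes. Assumption: a blank cell is NUL."""
    out = bytearray()
    for ch in text:
        if ch == " ":
            out.append(blank)
        elif ch in GLYPH_TO_BYTE:
            out.append(GLYPH_TO_BYTE[ch])
        elif ord(ch) < 0x80:
            out.append(ord(ch))
        else:
            raise ValueError(f"no byte mapping for {ch!r}")
    return bytes(out)


def parse_tls_alert(record):
    """Parse one unencrypted TLS alert record: 5-byte header + 2-byte body."""
    if len(record) < 7:
        raise ValueError("too short for a TLS alert record")
    ctype, version, length = struct.unpack("!BHH", record[:5])
    if ctype != ALERT_RECORD or length != 2:
        raise ValueError("not a plaintext TLS alert record")
    return {"version": VERSIONS.get(version, hex(version)),
            "level": LEVELS.get(record[5], str(record[5])),
            "description": DESCRIPTIONS.get(record[6], str(record[6]))}


if __name__ == "__main__":
    print(parse_tls_alert(glyphs_to_bytes(SAMPLE)))
```

On the sample it returns TLS 1.2, fatal, internal_error: the port answered the plain-HTTP request with a TLS alert rather than an HTTP response. The record is 7 bytes long, the same count schannel reports receiving in the https attempt.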


