[
https://issues.apache.org/jira/browse/NIFI-2119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15361779#comment-15361779
]
Joe Skora commented on NIFI-2119:
---------------------------------
This does seem to be the problem, or at least part of it.
I've tracked through the debugger as a client starts up
{{_CertificateUtils.extractClientDNFromSSLSocket()_}} returns {{null}} because
{{Certificate.getClientAuthStatus()}} is returning {{ClientAuth.NONE}}, which
doesn't make sense because I definitely have
{{nifi.security.needClientAuth=yes}} in nifi.properties.
I'll try to dig further after the fireworks!
> Secure clustering returning bad request response
> ------------------------------------------------
>
> Key: NIFI-2119
> URL: https://issues.apache.org/jira/browse/NIFI-2119
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Joseph Witt
> Fix For: 0.7.0
>
>
> Cannot get a secured cluster working that worked well on 0.6.0. After
> upgrading now seeing the following line. It either means I upgraded
> incorrectly, or we're missing critical migration guidance, or we have
> introduced a new bug.
> 2016-06-25 14:19:12,017 INFO [NiFi Web Server-23]
> o.a.n.w.a.c.IllegalArgumentExceptionMapper
> java.lang.IllegalArgumentException: User account already created
> CN=box1.testing.org, OU=NIFI, O=Apache-NiFi, L=Here, ST=There, C=EVERYWHERE.
> Returning Bad Request response.
> Speaking with [~mcgilman] about this he looked into it and says
> "the socket used for cluster communications is configured with an sslContext
> that has client auth set to none... which seems to be why the we're not
> getting the NCM DN during connection
> i think the issue is this part of this commit....
> https://github.com/apache/nifi/commit/7b5583f3a8c8e3f62e2985059a3466a5bb36f4e8#diff-a14f46a45c394fbd82a2b99730e04bcbR68";
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
