Jamie,

It appears that once you've authenticated, the user identity contains spaces between the segments of the DN while the value configured as the initial admin does not.

To completely eliminate typos, you could try to copy the value from the user log and paste it into the initial admin identity in the authorizers.xml file. Before restarting, you'll need to delete your users.xml and authorizations.xml files (I'm assuming they contain no other users or policies so it's safe to remove them). These will be regenerated upon restart.

Let me know if that helps.

Matt

On Tue, Nov 15, 2016 at 4:41 PM, Jamie Le <[email protected]> wrote:

> I have configured exactly what the nifi document recommended. But I am getting
> the errors in nifi-user.log.
>
> 2016-11-15 20:13:20,590 INFO [NiFi Web Server-16]
> o.a.n.w.a.c.AccessDeniedExceptionMapper
> [email protected], CN=laurentt-dev, OU=standard,
> OU=user, OU=dev, DC=dev, DC=osn, DC=dom does not have permission to access
> the requested resource. Returning Forbidden response.
>
> and then in my users.xml
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <tenants>
>   <groups/>
>   <users>
>     <user identifier="0cf1c26a-1396-3f20-b1f0-544db47dc9c7"
> identity="[email protected],cn=
> laurentt-dev,ou=standard,ou=user,ou=dev,dc=dev,dc=osn,dc=dom"/>
>   </users>
> </tenants>
>
> and in authorizer.xml I have the entry.
>
> <property name="Initial Admin Identity">EMAILADDRESS=
> [email protected],cn=laurentt-dev,ou=standard,ou=
> user,ou=dev,dc=dev,dc=osn,dc=dom</property>
>
> So most of my EMAILADDRESS and CN=, and DC= are matching as it is, no
> Space.
>
> nifi.properties
>
> nifi.security.keystore=/conf/keystore.jks
> nifi.security.keystoreType=JKS
> nifi.security.keystorePasswd=Hello1234!
> nifi.security.keyPasswd=Hello1234!
> nifi.security.truststore=/conf/truststore.jks
> nifi.security.truststoreType=JKS
> nifi.security.truststorePasswd=password
> nifi.security.needClientAuth=true
> nifi.security.user.authorizer=file-provider
> nifi.security.user.login.identity.provider=
> nifi.security.ocsp.responder.url=
> nifi.security.ocsp.responder.certificate=
>
> What am I missing?
> Please advise, I really need this to be configured to
> work
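
Added example, not part of the original thread and not NiFi's own code: a small Python check for the mismatch described in the reply above. It pulls the rejected identity out of a nifi-user.log line, reads Initial Admin Identity from the authorizers file, and reports whether the two differ only in spacing or case. It assumes the configured value has to match the logged identity character for character; the sample log line, the sample XML and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs for illustration (not values from the thread).
SAMPLE_LOG = (
    "2016-11-15 20:13:20,590 INFO [NiFi Web Server-16] "
    "o.a.n.w.a.c.AccessDeniedExceptionMapper "
    "CN=sample-admin, OU=user, OU=dev, DC=example, DC=org does not have "
    "permission to access the requested resource. Returning Forbidden response."
)
SAMPLE_AUTHORIZERS = """<authorizers><authorizer>
  <identifier>file-provider</identifier>
  <property name="Initial Admin Identity">cn=sample-admin,ou=user,ou=dev,dc=example,dc=org</property>
</authorizer></authorizers>"""

DENIED = re.compile(r"AccessDeniedExceptionMapper\s+(.+?)\s+does not have permission")

def denied_identities(log_text):
    """Distinct identities from 'does not have permission' log lines, in order."""
    return list(dict.fromkeys(DENIED.findall(log_text)))

def initial_admin(authorizers_xml):
    """Text of the 'Initial Admin Identity' property, or None if it is absent."""
    for prop in ET.fromstring(authorizers_xml).iter("property"):
        if prop.get("name") == "Initial Admin Identity":
            return prop.text or ""
    return None

def tighten(dn):
    """Drop whitespace around ',' and '=' (used for diagnosis only)."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip())

def diagnose(logged, configured):
    """Assumption: the two strings must be identical for the admin to be recognised."""
    if logged == configured:
        return "exact match"
    if tighten(logged).lower() != tighten(configured).lower():
        return "different DN"
    reasons = []
    if logged.lower() != configured.lower():
        reasons.append("spacing")
    if tighten(logged) != tighten(configured):
        reasons.append("case")
    return "same DN, differs in " + " and ".join(reasons)

if __name__ == "__main__":
    for identity in denied_identities(SAMPLE_LOG):
        print(repr(identity), "->", diagnose(identity, initial_admin(SAMPLE_AUTHORIZERS)))
```

When the result is "same DN, differs in ...", the logged string is the one to paste into the Initial Admin Identity property, as the reply suggests.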
