Also, watch the case of the cn, ou, etc. entries; you have different ones. As Matt mentioned, the best course of action is to copy the user identity from the access denied error in the logs. Treat them as passwords: they must be an exact match.
Andrew

On Tue, Nov 15, 2016, 5:11 PM Matt Gilman <[email protected]> wrote:

> Jamie,
>
> It appears that once you've authenticated the user identity contains spaces
> between the segments of the DN while the value configured as the initial
> admin does not.
>
> To completely eliminate typos, you could try to copy the value from the
> user log and paste it into the initial admin identity in the
> authorizers.xml file. Before restarting, you'll need to delete your
> users.xml and authorizations.xml file (I'm assuming they contain no other
> users or policies so it's safe to remove). These will be regenerated upon
> restart.
>
> Let me know if that helps.
>
> Matt
>
> On Tue, Nov 15, 2016 at 4:41 PM, Jamie Le <[email protected]> wrote:
>
> > I have configured exactly what nifi document recommended. But I am
> > getting the errors in nifi-user.log.
> >
> > 2016-11-15 20:13:20,590 INFO [NiFi Web Server-16] o.a.n.w.a.c.AccessDeniedExceptionMapper [email protected], CN=laurentt-dev, OU=standard, OU=user, OU=dev, DC=dev, DC=osn, DC=dom does not have permission to access the requested resource. Returning Forbidden response.
> >
> > and then in my users.xml
> >
> > <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> > <tenants>
> >     <groups/>
> >     <users>
> >         <user identifier="0cf1c26a-1396-3f20-b1f0-544db47dc9c7" identity="[email protected],cn=laurentt-dev,ou=standard,ou=user,ou=dev,dc=dev,dc=osn,dc=dom"/>
> >     </users>
> > </tenants>
> >
> > and in authorizer.xml I have the entry.
> >
> > <property name="Initial Admin Identity">EMAILADDRESS=[email protected],cn=laurentt-dev,ou=standard,ou=user,ou=dev,dc=dev,dc=osn,dc=dom</property>
> >
> > So most of my EMAILADDRESS and CN=, and DC= are matching as it is, no
> > Space.
> >
> > nifi.properties
> >
> > nifi.security.keystore=/conf/keystore.jks
> > nifi.security.keystoreType=JKS
> > nifi.security.keystorePasswd=Hello1234!
> > nifi.security.keyPasswd=Hello1234!
> > nifi.security.truststore=/conf/truststore.jks
> > nifi.security.truststoreType=JKS
> > nifi.security.truststorePasswd=password
> > nifi.security.needClientAuth=true
> > nifi.security.user.authorizer=file-provider
> > nifi.security.user.login.identity.provider=
> > nifi.security.ocsp.responder.url=
> > nifi.security.ocsp.responder.certificate=
> >
> > What am I missing? Please advise, I really need this to be configured to
> > work
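
The following is an added example, not part of the thread and not NiFi code: a small check that pulls the identity out of an access-denied line in nifi-user.log, reads the Initial Admin Identity from authorizers.xml, and reports whether an exact-match failure comes from spacing between DN segments, letter case, or something else. The sample log line and XML are constructed (modelled on the messages above), and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the thread (not real data).
LOG_LINE = (
    "2016-11-15 20:13:20,590 INFO [NiFi Web Server-16] "
    "o.a.n.w.a.c.AccessDeniedExceptionMapper "
    "EMAILADDRESS=user@example.com, CN=sample-dev, OU=standard, OU=user, "
    "DC=dev, DC=example, DC=dom does not have permission to access "
    "the requested resource. Returning Forbidden response."
)
AUTHORIZERS_XML = (
    '<authorizers><authorizer><property name="Initial Admin Identity">'
    "EMAILADDRESS=user@example.com,cn=sample-dev,ou=standard,ou=user,"
    "dc=dev,dc=example,dc=dom</property></authorizer></authorizers>"
)
DENIED = re.compile(r"AccessDeniedExceptionMapper\s+(.+?) does not have permission")

def identity_from_log(line):
    """Return the identity logged for a denied request, or None."""
    m = DENIED.search(line)
    return m.group(1) if m else None

def initial_admin(xml_text):
    """Return the Initial Admin Identity value, or None if it is not set."""
    for prop in ET.fromstring(xml_text).iter("property"):
        if prop.get("name") == "Initial Admin Identity":
            return (prop.text or "").strip()
    return None

def squeeze(dn):
    """Drop whitespace around the commas that separate DN segments."""
    return re.sub(r"\s*,\s*", ",", dn.strip())

def diagnose(logged, configured):
    """Explain why two identities fail an exact string comparison."""
    if logged == configured:
        return []
    if squeeze(logged).casefold() != squeeze(configured).casefold():
        return ["content"]  # differs beyond spacing and case
    reasons = []
    if logged.casefold() != configured.casefold():
        reasons.append("whitespace")
    if squeeze(logged) != squeeze(configured):
        reasons.append("case")
    return reasons

if __name__ == "__main__":
    print(diagnose(identity_from_log(LOG_LINE), initial_admin(AUTHORIZERS_XML)))
```

An empty list means the configured value already matches the logged identity character for character; anything else means the value should be re-copied from the log as advised above.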
