All,

I am trying to install NiFi 1.5 and make it HTTPS. Below are the steps
followed and the error I am getting. Below are the config and log file
contents. Please help.

1. Installed NiFi 1.5
2. Installed NiFi toolkit 1.5
3. Ran toolkit - ./tls-toolkit.sh standalone -n 'localhost' -C 'CN=TC,OU=NIFI' -O -o ../security_output
4. Copied generated keystore, truststore and nifi properties to nifi/config folder
5. Imported the generated certificate to Chrome browser
6. Modified authorizers.xml as attached.
7. With required restarts. Now when I enter the below URL in the browser, I see the below error.

https://localhost:9443/nifi/

Insufficient Permissions

   - home

Unknown user with identity 'CN=TC, OU=NIFI'. Contact the system administrator.


authorizers.xml
--------------------
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>

        <property name="Initial User Identity 1">cn=TC,ou=NIFI,dc=example,dc=com</property>
    </userGroupProvider>

    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">cn=TC,ou=NIFI,dc=example,dc=com</property>
        <property name="Legacy Authorized Users File"></property>

        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
------------------------

nifi-user.log
-----------------------
2018-01-31 17:51:20,220 INFO [main] o.a.n.a.FileUserGroupProvider Creating new users file at /Users/anilrai/projects/tc/servicemax/nifi-1.5.0/./conf/users.xml
2018-01-31 17:51:20,234 INFO [main] o.a.n.a.FileUserGroupProvider Users/Groups file loaded at Wed Jan 31 17:51:20 EST 2018
2018-01-31 17:51:20,240 INFO [main] o.a.n.a.FileAccessPolicyProvider Creating new authorizations file at /Users/anilrai/projects/tc/servicemax/nifi-1.5.0/./conf/authorizations.xml
2018-01-31 17:51:20,264 INFO [main] o.a.n.a.FileAccessPolicyProvider Populating authorizations for Initial Admin: cn=TC,ou=NIFI,dc=example,dc=com
2018-01-31 17:51:20,271 INFO [main] o.a.n.a.FileAccessPolicyProvider Authorizations file loaded at Wed Jan 31 17:51:20 EST 2018
2018-01-31 17:52:18,192 INFO [NiFi Web Server-28] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response.
2018-01-31 17:52:18,306 INFO [NiFi Web Server-67] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response.
2018-01-31 17:52:18,350 INFO [NiFi Web Server-27] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=TC, OU=NIFI) GET https://localhost:9443/nifi-api/flow/current-user (source ip: 127.0.0.1)
2018-01-31 17:52:18,354 INFO [NiFi Web Server-27] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=TC, OU=NIFI
2018-01-31 17:52:18,424 INFO [NiFi Web Server-27] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[CN=TC, OU=NIFI], groups[] does not have permission to access the requested resource. Unknown user with identity 'CN=TC, OU=NIFI'. Returning Forbidden response.
------------------------------

Generated users.xml
--------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
    <groups/>
    <users>
        <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4" identity="cn=TC,ou=NIFI,dc=example,dc=com"/>
    </users>
</tenants>
--------------------------------

Generated authorizations.xml
--------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizations>
    <policies>
        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="87f484e7-b2e9-39fe-a77c-6c3e345ce847" resource="/data/process-groups/4dedb986-0161-1000-0db6-e28e0a2db61d" action="R">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="3bf4d5e2-eebb-39ea-b417-2ce31959bd66" resource="/data/process-groups/4dedb986-0161-1000-0db6-e28e0a2db61d" action="W">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="a5a489df-b8f0-3948-9456-64a9aaed38fc" resource="/process-groups/4dedb986-0161-1000-0db6-e28e0a2db61d" action="R">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="f7f4a277-67f7-3f16-9963-6a0ccf1e4e23" resource="/process-groups/4dedb986-0161-1000-0db6-e28e0a2db61d" action="W">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
            <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4"/>
        </policy>
    </policies>
</authorizations>
------------------------------------

nifi.properties
----------------------------
# web properties #
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=
nifi.web.http.network.interface.default=
nifi.web.https.host=localhost
nifi.web.https.port=9443
nifi.web.https.network.interface.default=
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
nifi.web.max.header.size=16 KB
nifi.web.proxy.context.path=

# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=

nifi.security.keystore=./conf/keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=dDGiDzvaUrecDVYGbfXq/w6G7z6ldn4oKuQemifG3iI
nifi.security.keyPasswd=dDGiDzvaUrecDVYGbfXq/w6G7z6ldn4oKuQemifG3iI
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=Kckcz+CPJduHRzOsdJFaSffmJHLHqJ7noxY3ZHZyqI4
nifi.security.needClientAuth=
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=
----------------------



Please help.

Regards
Anil
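
Added example (not part of the original post, and not NiFi code): NiFi's file-based authorizer matches the authenticated identity against users.xml as an exact string, so this script takes the identity from the "Unknown user" log line and reports how it differs from the configured identities. The sample inputs are constructed from the users.xml and nifi-user.log excerpts above, the function names are hypothetical, and it assumes no nifi.security.identity.mapping.* properties are set.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the users.xml and nifi-user.log in the post.
USERS_XML = """<tenants>
    <groups/>
    <users>
        <user identifier="5c27599e-20cc-3258-b663-df5b8ca461b4" identity="cn=TC,ou=NIFI,dc=example,dc=com"/>
    </users>
</tenants>"""
USER_LOG = (
    "2018-01-31 17:52:18,354 INFO [NiFi Web Server-27] o.a.n.w.s.NiFiAuthenticationFilter "
    "Authentication success for CN=TC, OU=NIFI\n"
    "2018-01-31 17:52:18,424 INFO [NiFi Web Server-27] o.a.n.w.a.c.AccessDeniedExceptionMapper "
    "identity[CN=TC, OU=NIFI], groups[] does not have permission to access the requested "
    "resource. Unknown user with identity 'CN=TC, OU=NIFI'. Returning Forbidden response.\n"
)
UNKNOWN_USER = re.compile(r"Unknown user with identity '([^']*)'")

def configured_identities(users_xml):
    """Identities NiFi knows about, exactly as written in users.xml."""
    return [u.get("identity") for u in ET.fromstring(users_xml).iter("user")]

def unknown_identities(log_text):
    """Distinct identities that authenticated but were rejected as unknown."""
    return sorted(set(UNKNOWN_USER.findall(log_text)))

def split_rdns(dn):
    # Naive split on commas; assumes no escaped commas inside RDN values.
    return [part.strip() for part in dn.split(",")]

def diagnose(presented, configured):
    """Classify how a rejected identity differs from the configured ones."""
    if presented in configured:
        return ("exact-match", presented, [])
    p = [r.lower() for r in split_rdns(presented)]
    for cand in configured:
        c_rdns = split_rdns(cand)
        c = [r.lower() for r in c_rdns]
        if c == p:  # same DN, but the strings differ, so NiFi sees two users
            return ("case-or-whitespace-only", cand, [])
        if c[:len(p)] == p:  # configured identity carries RDNs the certificate lacks
            return ("configured-has-extra-rdns", cand, c_rdns[len(p):])
    return ("no-similar-identity", None, [])

if __name__ == "__main__":
    known = configured_identities(USERS_XML)
    for ident in unknown_identities(USER_LOG):
        print(repr(ident), "->", diagnose(ident, known))
```

For the data in the post, the certificate identity 'CN=TC, OU=NIFI' is reported as lacking the dc=example,dc=com components present in the configured identity; users.xml and authorizations.xml are only seeded from authorizers.xml when they do not yet exist.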
