I believe the reason why you get the error is because you added the Node Identities in authorizers.xml after you started your NiFi cluster once.
In short, when NiFi is starting for the first time, it'll detect that authorizations.xml and users.xml do not exist and the files will be automatically generated based on what you configured in authorizers.xml. If you add things in authorizers.xml after the files have been generated, it won't be taken into account (meaning: if the files exist, NiFi won't change/update the files). Two options: add the required elements manually or delete both authorizations.xml and users.xml files and restart the cluster to have the files generated with the changes. Based on the content of your authorizations.xml, it looks like you didn't make any change so I'd recommend the second option: delete authorizations.xml and users.xml files on all your NiFi nodes and restart the nodes. Thanks, Pierre Le mer. 19 sept. 2018 à 13:26, nifi-san <[email protected]> a écrit : > Thanks for the reply.Please find below the authorizations.xml and > user.xml;- > > Authorizations.xml:- > > <?xml version="1.0" encoding="UTF-8" standalone="true"?> > -<authorizations> > -<policies> > -<policy action="R" resource="/flow" > identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="R" > resource="/data/process-groups/e66f0489-0165-1000-4ffd-578079bc2961" > identifier="f2a6ce38-565b-3fb1-a02d-9e0c0fdaa59e"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="W" > resource="/data/process-groups/e66f0489-0165-1000-4ffd-578079bc2961" > identifier="05766804-6d66-3d49-a8f4-0d73b5ea2121"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="R" > resource="/process-groups/e66f0489-0165-1000-4ffd-578079bc2961" > identifier="d78cdb6e-344b-370d-8714-c4b7a88cf585"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="W" > resource="/process-groups/e66f0489-0165-1000-4ffd-578079bc2961" > identifier="d3910dff-c116-35bb-85f3-d6c2215d1cdb"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="W" resource="/restricted-components" > identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="R" resource="/tenants" > identifier="627410be-1717-35b4-a06f-e9362b89e0b7"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="W" resource="/tenants" > identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="R" resource="/policies" > identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="W" resource="/policies" > identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="R" resource="/controller" > identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > -<policy action="W" resource="/controller" > identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"> > <user identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </policy> > </policies> > </authorizations> > > user.xml:- > > <?xml version="1.0" encoding="UTF-8" standalone="true"?> > -<tenants> > <groups/> > -<users> > <user identity="CN=NADMIN, OU=NIFI" > identifier="991a6798-da54-3570-bf24-061e3ff2b099"/> > </users> > </tenants> > > Errors in the user logs:- > > 2018-09-19 05:25:14,267 INFO [NiFi Web Server-22] > o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: > Kerberos ticket login not supported by this NiFi.. Returning Conflict > response. > 2018-09-19 05:25:14,688 INFO [NiFi Web Server-18] > o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: > OpenId Connect is not configured.. Returning Conflict response. > 2018-09-19 05:25:15,073 INFO [NiFi Web Server-164] > o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=NADMIN, > OU=NIFI) GET https://hostname1:9443/nifi-api/flow/current-user (source ip: > 10.253.220.155) > 2018-09-19 05:25:15,074 INFO [NiFi Web Server-164] > o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=NADMIN, > OU=NIFI > 2018-09-19 05:25:15,149 INFO [NiFi Web Server-22] > o.a.n.w.s.NiFiAuthenticationFilter Attempting request for () GET > https://hostname1:9443/nifi-api/flow/current-user (source ip: > 10.59.68.155) > 2018-09-19 05:25:15,149 WARN [NiFi Web Server-22] > o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted > proxy CN=hostname1:9443, OU=NIFI > > Shouldn’t the authorizations.xml get automatically generated? > Strange this is, it works fine on the standalone node. > > > > > > > -- > Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/ >
