Hello Karthikeyan As Chris has pointed out, you would need to add node identities in authorizations.xml
This is required to establish node identity with NiFi cluster. Thanks Sushil Kumar On Tue, Jan 5, 2021 at 7:52 AM MUTHUKRISHNAN, KARTHIKEYAN <[email protected]> wrote: > Hi Team, > > Can you help us to troubleshoot this issue ? > > > Thanks & Regards, > M.Karthikeyan. > > > ________________________________ > From: MUTHUKRISHNAN, KARTHIKEYAN > Sent: Tuesday, December 22, 2020 7:08 PM > To: [email protected] <[email protected]> > Cc: RANJAN, RAJIV <[email protected]>; RAJU, JOSEPH <[email protected]> > Subject: NiFi Error on SSL Setup for cluster UI not loading - Insufficient > Permissions Untrusted proxy > > Hi Team, > > I have created a NiFi cluster with 3 nodes and configured SSL for all 3 > eith self signed certs generated for all 3 nodes and a admin user cert. I > have also configured authorization.xml and nifi.properties acordingly as > prescribed. I can see users.xml and authorizers.xml getting generated > properly with Initial Admin configured with cert admin id. All looks good > in my config files. But i am getting following error in ui : Insufficient > Permissions Untrusted proxy CN=XXXX.YY.ZZ.com, OU=NIFI > > nifi-user Logs looks as with below errors, > > 2020-12-22 13:05:27,375 INFO [NiFi Web Server-61] > o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifi-admin) > GET https://XXXX.YY.ZZ.com:9443/nifi-api/flow/current-user (source ip: > xx.xx.xx.xxx) > 2020-12-22 13:05:27,380 INFO [NiFi Web Server-61] > o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifi-admin > 2020-12-22 13:05:53,219 INFO [NiFi Web Server-61] > o.a.n.w.s.NiFiAuthenticationFilter Attempting request for > (<CN=nifi-admin><CN=XXXX.YY.ZZ.com, OU=NIFI>) GET > https://XXXX.YY.ZZ.com:9443/nifi-api/flow/current-user (source ip: > 130.6.168.62) > 2020-12-22 13:05:53,226 WARN [NiFi Web Server-61] > o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted > proxy CN=XXXX.YY.ZZ.com, OU=NIFI > > Could you please help me to narrow down if i am missing anything other > than specified on documentations ? > > > Thanks & Regards, > M.Karthikeyan. > >
