[
https://issues.apache.org/jira/browse/NIFI-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17646587#comment-17646587
]
Nurullah Çalışkan edited comment on NIFI-7246 at 12/13/22 11:45 AM:
--------------------------------------------------------------------
I would like to mention one thing here. Our problem is this: even if we are
using sticky session. If one of the nodes is down, we will have the token I
received from it and requests that will go to the server that is down, in this
case all the requests we have sent with the token will give an invalid token
error. In order to prevent this, the token we receive from any node must be
valid on all nodes. Thus, even if the node drops, we will still be able to send
requests with tokens.
We also talked about this topic in this slack thread, I would like to continue
the thread for possible issues.
[https://apachenifi.slack.com/archives/C0L9VCD47/p1669881981704059]
cc://[~exceptionfactory]
was (Author: JIRAUSER279864):
I would like to mention one thing here. Our problem is this: even if we are
using sticky session. If one of the nodes is down, we will have the token I
received from it and requests that will go to the server that is down, in this
case all the requests we have sent with the token will give an invalid token
error. In order to prevent this, the token we receive from any node must be
valid on all nodes. Thus, even if the node drops, we will still be able to send
requests with tokens.
We also talked about this topic in this slack thread, I would like to continue
the thread for possible issues.
https://apachenifi.slack.com/archives/C0L9VCD47/p1669881981704059
> JWT Generated by a node in the cluster is not honored by other nodes in the
> cluster.
> ------------------------------------------------------------------------------------
>
> Key: NIFI-7246
> URL: https://issues.apache.org/jira/browse/NIFI-7246
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Reporter: Shreyas KC
> Priority: Major
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> In an externally load balanced cluster without sticky session, it is not
> possible to currently share the JWT generated by one node with the rest of
> the nodes in the cluster.
> Hence we need a mechanism where we can introduce static key in the
> nifi.properties in its chosen by the cluster administrator.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
