Mark Deckert created NIFI-3872:
----------------------------------
Summary: "Default Realm" property ignored in kerberos-provider
after upgrade to 1.2.0
Key: NIFI-3872
URL: https://issues.apache.org/jira/browse/NIFI-3872
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 1.2.0
Environment: Windows Server 2012R2
Reporter: Mark Deckert
Priority: Minor
After upgrading from 1.1.2 to 1.2.0, the "Default Realm" property in
login-identity-providers.xml is seemingly ignored. Users can still
successfully log in by typing in the full "[email protected]", but just
"myusername" fails. Same identity-providers file was used in 1.1.2 without
problem.
I've changed username: myusername and domain: MYDOMAIN.COM in logs and config
below:
user log says:
2017-05-11 17:58:17,947 INFO [NiFi Web Server-20]
o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException:
The supplied username and password are not valid.. Returning Bad Request
response.
bootstrap log says this:
2017-05-11 17:58:17,931 INFO [NiFi logging handler] org.apache.nifi.StdOut
Debug is true storeKey true useTicketCache false useKeyTab false doNotPrompt
false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is
false principal is null tryFirstPass is false useFirstPass is false storePass
is false clearPass is false
2017-05-11 17:58:17,931 INFO [NiFi logging handler] org.apache.nifi.StdOut
[Krb5LoginModule] user entered username: myusername
2017-05-11 17:58:17,931 INFO [NiFi logging handler] org.apache.nifi.StdOut
2017-05-11 17:58:17,947 INFO [NiFi logging handler] org.apache.nifi.StdOut
[Krb5LoginModule] authentication failed
Identity-Providers config file:
<provider>
<identifier>kerberos-provider</identifier>
<class>org.apache.nifi.kerberos.KerberosProvider</class>
<property name="Default Realm">MYDOMAIN.COM</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
