[jira] [Updated] (NIFI-13262) Could not create Processor of type org.apache.nifi.processors.attributes.UpdateAttribute, upgrading from 2.0-M2
[
https://issues.apache.org/jira/browse/NIFI-13262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-13262:
--
Description:
upgrade from 2.0-M2, Some updateattribute processors give the following
exception, some work fine
{code:java}
2024-05-17 17:12:51,894 INFO [main]
o.a.n.f.s.StandardVersionedComponentSynchronizer Added
GhostProcessor[id=575f3a5b-75f0-1c3d-8375-b2086496fe63] to
StandardProcessGroup[identifier=8dd1667a-1cb1-1dba--79bf1185,name=JWT验证]
2024-05-17 17:12:51,894 ERROR [main] o.a.nifi.controller.ExtensionBuilder Could
not create Processor of type
org.apache.nifi.processors.attributes.UpdateAttribute for ID
7fa83bb1-daf3-145c-b578-a50906497151 due to:
org.apache.nifi.processors.attributes.UpdateAttribute; creating "Ghost"
implementation
org.apache.nifi.controller.exception.ProcessorInstantiationException:
org.apache.nifi.processors.attributes.UpdateAttribute
at
org.apache.nifi.controller.ExtensionBuilder.createLoggableProcessor(ExtensionBuilder.java:780)
at
org.apache.nifi.controller.ExtensionBuilder.buildProcessor(ExtensionBuilder.java:251)
at
org.apache.nifi.controller.flow.StandardFlowManager.createProcessor(StandardFlowManager.java:359)
at
org.apache.nifi.controller.flow.AbstractFlowManager.createProcessor(AbstractFlowManager.java:401)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessor(StandardVersionedComponentSynchronizer.java:2435)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeProcessors(StandardVersionedComponentSynchronizer.java:1042)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:453)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessGroup(StandardVersionedComponentSynchronizer.java:1212)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeChildGroups(StandardVersionedComponentSynchronizer.java:545)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:447)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessGroup(StandardVersionedComponentSynchronizer.java:1212)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeChildGroups(StandardVersionedComponentSynchronizer.java:545)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:447)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessGroup(StandardVersionedComponentSynchronizer.java:1212)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeChildGroups(StandardVersionedComponentSynchronizer.java:545)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:447)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.lambda$synchronize$0(StandardVersionedComponentSynchronizer.java:248)
at
org.apache.nifi.controller.flow.AbstractFlowManager.withParameterContextResolution(AbstractFlowManager.java:638)
at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:243)
at
org.apache.nifi.groups.StandardProcessGroup.synchronizeFlow(StandardProcessGroup.java:3868)
at
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.synchronizeFlow(VersionedFlowSynchronizer.java:464)
at
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.sync(VersionedFlowSynchronizer.java:223)
at
org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1743)
at
org.apache.nifi.persistence.StandardFlowConfigurationDAO.load(StandardFlowConfigurationDAO.java:91)
at
org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:805)
at
org.apache.nifi.controller.StandardFlowService.loadFromConnectionResponse(StandardFlowService.java:954)
at
org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:508)
at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:871)
at org.apache.nifi.NiFi.(NiFi.java:172)
at org.apache.nifi.NiFi.(NiFi.java:83)
at org.apache.nifi.NiFi.main(NiFi.java:332)
Caused by: java.lang.IllegalStateException: Unable to find bundle for
coordinate org.apache.nifi:nifi-update-attribute-nar:2.0.0-M2
at
[jira] [Created] (NIFI-13262) Could not create Processor of type org.apache.nifi.processors.attributes.UpdateAttribute, upgrading from 2.0-M2
macdoor615 created NIFI-13262:
-
Summary: Could not create Processor of type
org.apache.nifi.processors.attributes.UpdateAttribute, upgrading from 2.0-M2
Key: NIFI-13262
URL: https://issues.apache.org/jira/browse/NIFI-13262
Project: Apache NiFi
Issue Type: Bug
Components: Extensions
Affects Versions: 2.0.0-M3
Environment: NiFi 2.0-M3
Java version "21.0.2" 2024-01-16 LTS
Java(TM) SE Runtime Environment Oracle GraalVM 21.0.2+13.1 (build
21.0.2+13-LTS-jvmci-23.1-b30)
Java HotSpot(TM) 64-Bit Server VM Oracle GraalVM 21.0.2+13.1 (build
21.0.2+13-LTS-jvmci-23.1-b30, mixed mode, sharing)
Linux hb3-prod-hadoop-003 4.18.0-477.27.2.el8_8.x86_64 #1 SMP Fri Sep 29
08:21:01 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux
Reporter: macdoor615
upgrade from 2.0-M2, Some updateattribute processors give the following
exception, some work fine
{{2024-05-17 17:12:51,894 INFO [main]
o.a.n.f.s.StandardVersionedComponentSynchronizer Added
GhostProcessor[id=575f3a5b-75f0-1c3d-8375-b2086496fe63] to
StandardProcessGroup[identifier=8dd1667a-1cb1-1dba--79bf1185,name=JWT验证]}}
{{2024-05-17 17:12:51,894 ERROR [main] o.a.nifi.controller.ExtensionBuilder
Could not create Processor of type
org.apache.nifi.processors.attributes.UpdateAttribute for ID
7fa83bb1-daf3-145c-b578-a50906497151 due to:
org.apache.nifi.processors.attributes.UpdateAttribute; creating "Ghost"
implementation}}
{{org.apache.nifi.controller.exception.ProcessorInstantiationException:
org.apache.nifi.processors.attributes.UpdateAttribute}}
{{ at
org.apache.nifi.controller.ExtensionBuilder.createLoggableProcessor(ExtensionBuilder.java:780)}}
{{ at
org.apache.nifi.controller.ExtensionBuilder.buildProcessor(ExtensionBuilder.java:251)}}
{{ at
org.apache.nifi.controller.flow.StandardFlowManager.createProcessor(StandardFlowManager.java:359)}}
{{ at
org.apache.nifi.controller.flow.AbstractFlowManager.createProcessor(AbstractFlowManager.java:401)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessor(StandardVersionedComponentSynchronizer.java:2435)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeProcessors(StandardVersionedComponentSynchronizer.java:1042)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:453)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessGroup(StandardVersionedComponentSynchronizer.java:1212)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeChildGroups(StandardVersionedComponentSynchronizer.java:545)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:447)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessGroup(StandardVersionedComponentSynchronizer.java:1212)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeChildGroups(StandardVersionedComponentSynchronizer.java:545)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:447)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.addProcessGroup(StandardVersionedComponentSynchronizer.java:1212)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronizeChildGroups(StandardVersionedComponentSynchronizer.java:545)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:447)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.lambda$synchronize$0(StandardVersionedComponentSynchronizer.java:248)}}
{{ at
org.apache.nifi.controller.flow.AbstractFlowManager.withParameterContextResolution(AbstractFlowManager.java:638)}}
{{ at
org.apache.nifi.flow.synchronization.StandardVersionedComponentSynchronizer.synchronize(StandardVersionedComponentSynchronizer.java:243)}}
{{ at
org.apache.nifi.groups.StandardProcessGroup.synchronizeFlow(StandardProcessGroup.java:3868)}}
{{ at
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.synchronizeFlow(VersionedFlowSynchronizer.java:464)}}
{{ at
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.sync(VersionedFlowSynchronizer.java:223)}}
{{ at
org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1743)}}
{{ at
[jira] [Created] (NIFI-12786) NiFi Data Provenance search date filter not working properly
macdoor615 created NIFI-12786: - Summary: NiFi Data Provenance search date filter not working properly Key: NIFI-12786 URL: https://issues.apache.org/jira/browse/NIFI-12786 Project: Apache NiFi Issue Type: Bug Components: Core UI Affects Versions: 2.0.0-M2 Environment: AlmaLinux 8.9 Kernel 4.18.0-513.5.1.el8_9.x86_64 Apache NiFi 2.0.0-M2 Reporter: macdoor615 Attachments: NiFi Data Provenance event list.png, Search with Start Date 2 days in advance.png, Search with default Start Date.png Select a FlowFile Uuid that just occurred from the NiFi Data Provenance event list, and then search. The result is empty. If you modify the Start Date 2 days in advance, the correct results will be returned. For comparison, 2.0.0-M1 can get correct search results with the default Start Date. pls refer uploaded pictures -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-12785) InvokeHTTP handler should not urlencode HTTP URL
macdoor615 created NIFI-12785: - Summary: InvokeHTTP handler should not urlencode HTTP URL Key: NIFI-12785 URL: https://issues.apache.org/jira/browse/NIFI-12785 Project: Apache NiFi Issue Type: Bug Components: Extensions Affects Versions: 2.0.0-M2 Environment: AlmaLinux 8.9 Kernel 4.18.0-513.5.1.el8_9.x86_64 Apache NiFi 2.0.0-M2 Reporter: macdoor615 Attachments: M1-output.png, M2-output.png InvokeHTTP processor call HTTP URL [http://hb3-ifz-gitlab-000:8100/gitlab/api/v4/projects/318/repository/files/ftp%2Fstage%2F15m%2Fheshangwuzhibo.yaml/raw?ref=main] output attribute invokehttp.request.url: [http://hb3-ifz-gitlab-000:8100/gitlab/api/v4/projects/318/repository/files/ftp%252Fstage%252F15m%252Fheshangwuzhibo.yaml/raw?ref=main] invokehttp.status.code: 404 The situation is different for version 2.0.0-M1, output attribute invokehttp.request.url: [http://hb3-ifz-gitlab-000:8100/gitlab/api/v4/projects/318/repository/files/ftp%2Fstage%2F15m%2Fheshangwuzhibo.yaml/raw?ref=main] invokehttp.status.code: 200 I found that in the M2 version % symbol was urlencoded to %25, M1 version. The M1 version does not urlencode pls refer to the uploaded pictures -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11197) Add YAML Record Reader
[
https://issues.apache.org/jira/browse/NIFI-11197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788640#comment-17788640
]
macdoor615 commented on NIFI-11197:
---
[~gbc] Here is my groovy script
{code:java}
import org.apache.commons.io.IOUtils;
import java.nio.charset.StandardCharsets;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
def flowFile = session.get()
if (!flowFile) return
//def attributes = flowFile.getAttributes()
flowFile = session.write(flowFile, {inputStream, outputStream ->
//text = IOUtils.toString(inputStream, StandardCharsets.UTF_8)
try {
String contentYaml = IOUtils.toString(inputStream,
String.valueOf(StandardCharsets.UTF_8))
ObjectMapper yamlReader = new ObjectMapper(new YAMLFactory());
Object obj = yamlReader.readValue(contentYaml, Object.class);
ObjectMapper jsonWriter = new ObjectMapper();
String
contentJson=jsonWriter.writerWithDefaultPrettyPrinter().writeValueAsString(obj);
outputStream.write(contentJson.getBytes(StandardCharsets.UTF_8));
} catch(JsonProcessingException e){
flowFile = session.putAttribute(flowFile, 'yaml-error', "yaml format error")
session.transfer(flowFile, REL_FAILURE)
return;
}catch (Exception e){
flowFile = session.putAttribute(flowFile, 'yaml-error', "convert error")
session.transfer(flowFile, REL_FAILURE)
return;
}
} as StreamCallback)
session.transfer(flowFile, REL_SUCCESS)
{code}
> Add YAML Record Reader
> --
>
> Key: NIFI-11197
> URL: https://issues.apache.org/jira/browse/NIFI-11197
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
>Affects Versions: 1.20.0
>Reporter: macdoor615
>Assignee: Daniel Stieglitz
>Priority: Major
> Fix For: 2.0.0-M1, 1.24.0
>
> Time Spent: 4h 40m
> Remaining Estimate: 0h
>
> The yaml format is basically equivalent to json. When used as a configuration
> file, it is much more convenient than json. It can have comments and the file
> is shorter.
> More and more systems adopt yaml format. Now we developed a conversion tool
> from yaml to json with the ExecuteGroovyScript processor.
> It is recommended to add a processor that can convert between yaml and json
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-11989) ConvertExcelToCSVProcessor conversion will lose data if header line of xlsx file contains empty merged cells
macdoor615 created NIFI-11989: - Summary: ConvertExcelToCSVProcessor conversion will lose data if header line of xlsx file contains empty merged cells Key: NIFI-11989 URL: https://issues.apache.org/jira/browse/NIFI-11989 Project: Apache NiFi Issue Type: Bug Components: Extensions Affects Versions: 1.23.2 Environment: Linux hb3-prod-hadoop-000 4.18.0-477.13.1.el8_8.x86_64 #1 SMP Tue May 30 14:53:41 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux Reporter: macdoor615 Attachments: header line with empty merged cell-1.xlsx, header line with empty merged cell.csv, header line with empty merged cell.xlsx, header line without empty merged cell.csv In the "header line with empty merged cell-1.xlsx" file, above the cells with contents "ca" and "cb" is an empty merged cell. Convert the "header line with empty merged cell-1.xlsx" file with ConvertExcelToCSVProcessor. The output csv file "header line with empty merged cell.csv" loses the content of the column after the empty merged cell, the content of the "dd" and ''ff" cells and the following cells are gone. As a comparison of the xlsx file, the merged cell has content, and the content is "c", so the subsequent columns will not be lost. The output is in the "header line without empty merged cell.csv" file -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11197) yaml and json conversion processor
[ https://issues.apache.org/jira/browse/NIFI-11197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739788#comment-17739788 ] macdoor615 commented on NIFI-11197: --- [~exceptionfactory] [~dstiegli1] That's great news. Actually, we also use the jackson-dataformat-yaml library in the ExecuteGroovyScript processor. > yaml and json conversion processor > -- > > Key: NIFI-11197 > URL: https://issues.apache.org/jira/browse/NIFI-11197 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.20.0 >Reporter: macdoor615 >Assignee: Daniel Stieglitz >Priority: Major > > The yaml format is basically equivalent to json. When used as a configuration > file, it is much more convenient than json. It can have comments and the file > is shorter. > More and more systems adopt yaml format. Now we developed a conversion tool > from yaml to json with the ExecuteGroovyScript processor. > It is recommended to add a processor that can convert between yaml and json -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17711965#comment-17711965
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory] Thank you for your suggestion. Translating a hostname into
different IP in the internal and external network may be the only feasible
solution at present
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, macdoor network topology.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
>
[jira] [Commented] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17711948#comment-17711948
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory] Unfortunately, my problem has not been solved yet. Here is
my network topology,
!macdoor network topology.png|width=416,height=352!
NiFi Server is behind a firewall and cannot access the Internet from inside,
while WebUI is outside the firewall and cannot directly access intranet
resources, only through nginx.
Take authorization_endpoint and revocation_endpoint as an example, WebUI gets
OpenID Connect Discovery configuration from NiFi Server (step 1,2,3 in the
figure), so their URLs share the same hostname.
If I set hostname to external URL, start with [https://36.133.55.100:8943/,]
WebUI can successfully call authorization_endpoint (step 4 in the figure), but
NiFi Server will timeout when calling revocation_endpoint (step 5 in the
figure). In this scenario I can login but not logout.
{noformat}
"authorization_endpoint":
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/auth;,
"revocation_endpoint":
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke;
{noformat}
On the contrary, I set hostname to internal URL, start with
https://hb3-prod-lb-000:8943/, WebUI will timeout when calling
authorization_endpoint. In this scenario I cannot login.
{noformat}
"authorization_endpoint":
"https://hb3-prod-lb-000:8943/realms/zznode/protocol/openid-connect/auth;,
"revocation_endpoint":
"https://hb3-prod-lb-000:8943/realms/zznode/protocol/openid-connect/revoke;
{noformat}
Maybe I can add host in MacBook's /etc/hosts file
{code:java}
36.133.55 hb3-prod-lb-000{code}
But I still hope to find an elegant way
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, macdoor network topology.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: macdoor network topology.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, macdoor network topology.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: macdoor network topology.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: macdoor network topology.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, macdoor network topology.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
>
[jira] [Commented] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17711905#comment-17711905
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory] You are right. The current implementation of NiFi is spec
compliant. My issue should not be a bug but a new feature. I suggest NiFi
support user-agent-based application in future version. In this way, NiFi can
support more complex network environments. In fact, the current WebUI of NiFi
is already very powerful.
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
>
[jira] [Commented] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17711715#comment-17711715
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory]
You said "As the client, NiFi needs to call the revocation endpoint directly,
not through the browser"
I think NiFi consists of two applications, one is the NiFi WebUI running in the
browser, and the other is the NiFi Server running in the background. My
understanding of the specification of the RFC6749 is that NiFi WebUI act as the
role of Client, and NiFi server act as the role of Resource Server. Client
exchanges token with Authorization Server and Resource Server . Resource Server
does not exchange tokens with the Authorization Server directly.
So I think it should be NiFi WebUI to exchange token with keycloak. NiFi server
cannot act as the role of Client and Resource Server at the same time
[https://www.rfc-editor.org/rfc/rfc6749#section-1.5]
!RFC6749 flow.png|width=635,height=351!
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: RFC6749 flow.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: RFC6749 flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: Oracle OAuth 2.0 Flow notes.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: image-2023-04-13-14-10-09-263.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: image-2023-04-13-14-10-23-436.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: oracle oauth_revoke_token_flow.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png,
> image-2023-04-13-14-10-09-263.png, image-2023-04-13-14-10-23-436.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: (was: RFC OAuth 2.0 Flow notes.png)
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png,
> image-2023-04-13-14-10-09-263.png, image-2023-04-13-14-10-23-436.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: image-2023-04-13-14-10-23-436.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, image-2023-04-13-14-10-09-263.png,
> image-2023-04-13-14-10-23-436.png, oracle oauth_revoke_token_flow.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: image-2023-04-13-14-10-09-263.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, image-2023-04-13-14-10-09-263.png,
> image-2023-04-13-14-10-23-436.png, oracle oauth_revoke_token_flow.png,
> 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: oracle oauth_revoke_token_flow.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, oracle oauth_revoke_token_flow.png, 截屏2023-04-08 12.40.30.png,
> 截屏2023-04-09 13.17.25.png, 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Updated] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: Oracle OAuth 2.0 Flow notes.png
RFC OAuth 2.0 Flow notes.png
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: Oracle OAuth 2.0 Flow notes.png, RFC OAuth 2.0 Flow
> notes.png, 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, 截屏2023-04-09
> 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Comment Edited] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17710255#comment-17710255
]
macdoor615 edited comment on NIFI-11409 at 4/10/23 6:19 PM:
[~exceptionfactory] hb3-prod-lb-000 is internal IP, 36.133.55.100 is external
IP. Maybe the revocation_endpoint should be called from the browser, not from
the server side of nifi?
I don't know how NiFi 1.20 calls revocation_endpoint. NiFi 1.20 can logout
properly with same configuration.
was (Author: macdoor615):
[~exceptionfactory] hb3-prod-lb-000 is internal IP, 36.133.55.100 is external
IP. Maybe the revocation_endpoint should be called from the browser, not from
the server side of nifi?
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
>
[jira] [Commented] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17710255#comment-17710255
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory] hb3-prod-lb-000 is internal IP, 36.133.55.100 is external
IP. Maybe the revocation_endpoint should be called from the browser, not from
the server side of nifi?
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
>
[jira] [Comment Edited] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17710246#comment-17710246
]
macdoor615 edited comment on NIFI-11409 at 4/10/23 5:55 PM:
[~exceptionfactory] But why can the standalone nifi server logout correctly?
only nifi cluster has this problem?
I place standalone nifi server and nifi cluster behind nginx. hb3-prod-lb-000
is internal hostname, ip is 10.18.69.2. It is not accessible from the internet.
NiFi can only access keycloak from internal network.
So I set.
{code:java}
nifi.security.user.oidc.discovery.url=https://hb3-prod-lb-000:8943/realms/zznode/.well-known/openid-configuration{code}
was (Author: macdoor615):
[~exceptionfactory] But why can the standalone nifi server logout correctly?
only nifi cluster has this problem?
I place standalone nifi server and nifi cluster behind nginx. hb3-prod-lb-000
is internal hostname, ip is 10.18.69.2. It is not accessible from the internet.
NiFi can only access keycloak from internal network.
So I set.
nifi.security.user.oidc.discovery.url=https://hb3-prod-lb-000:8943/realms/zznode/.well-known/openid-configuration
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
>
[jira] [Comment Edited] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17710246#comment-17710246
]
macdoor615 edited comment on NIFI-11409 at 4/10/23 5:55 PM:
[~exceptionfactory] But why can the standalone nifi server logout correctly?
only nifi cluster has this problem?
I place standalone nifi server and nifi cluster behind nginx. hb3-prod-lb-000
is internal hostname, ip is 10.18.69.2. It is not accessible from the internet.
NiFi can only access keycloak from internal network.
So I set.
nifi.security.user.oidc.discovery.url=https://hb3-prod-lb-000:8943/realms/zznode/.well-known/openid-configuration
was (Author: macdoor615):
[~exceptionfactory] But why can the standalone nifi server logout correctly?
only nifi cluster has this problem?
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
>
[jira] [Commented] (NIFI-11409) OIDC Token Revocation Error on Logout
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17710246#comment-17710246
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory] But why can the standalone nifi server logout correctly?
only nifi cluster has this problem?
> OIDC Token Revocation Error on Logout
> -
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
>
[jira] [Commented] (NIFI-11409) nifi cluster cannot logout with oidc authentication
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17709940#comment-17709940
]
macdoor615 commented on NIFI-11409:
---
For reference, the nifi 1.21.0 stand-alone server can logout properly
!截屏2023-04-09 13.33.25.png|width=640,height=199!
But there are also errors in the log.
{code:java}
2023-04-09 13:39:38,383 WARN [NiFi Web Server-649981]
o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
processing failed
org.springframework.web.client.ResourceAccessException: I/O error on POST
request for
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
connect timed out; nested exception is java.net.SocketTimeoutException: connect
timed out
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
at
org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
at
org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
at
org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
at
org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
at
org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
at
org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
{code}
> nifi cluster cannot logout with oidc authentication
> ---
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
[jira] [Updated] (NIFI-11409) nifi cluster cannot logout with oidc authentication
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: 截屏2023-04-09 13.33.25.png
> nifi cluster cannot logout with oidc authentication
> ---
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png,
> 截屏2023-04-09 13.33.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
>
[jira] [Commented] (NIFI-11409) nifi cluster cannot logout with oidc authentication
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17709938#comment-17709938
]
macdoor615 commented on NIFI-11409:
---
[~exceptionfactory] With exactly the same nifi.properties , keycloak
configuration and network configuration, Both NiFi 1.20.0/1.21.0 standalone
server and NiFI cluster 1.20.0 work fine
Here is OpenId configs in nifi.properties.
{code:java}
# OpenId Connect SSO Properties #
nifi.security.user.oidc.discovery.url=https://hb3-prod-lb-000:8943/realms/zznode/.well-known/openid-configuration
nifi.security.user.oidc.connect.timeout=5 secs
nifi.security.user.oidc.read.timeout=5 secs
nifi.security.user.oidc.client.id=nifi.server
nifi.security.user.oidc.client.secret=xx
nifi.security.user.oidc.preferred.jwsalgorithm=
nifi.security.user.oidc.additional.scopes=openid,email
nifi.security.user.oidc.claim.identifying.user=
nifi.security.user.oidc.fallback.claims.identifying.user=
nifi.security.user.oidc.truststore.strategy=NIFI
{code}
Here is the JSON content of the OpenID Connect Discovery configuration.
{code:java}
{
"issuer": "https://36.133.55.100:8943/realms/zznode;,
"authorization_endpoint":
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/auth;,
"token_endpoint":
"https://hb3-prod-lb-000:8943/realms/zznode/protocol/openid-connect/token;,
"introspection_endpoint":
"https://hb3-prod-lb-000:8943/realms/zznode/protocol/openid-connect/token/introspect;,
"userinfo_endpoint":
"https://hb3-prod-lb-000:8943/realms/zznode/protocol/openid-connect/userinfo;,
"end_session_endpoint":
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/logout;,
"frontchannel_logout_session_supported": true,
"frontchannel_logout_supported": true,
"jwks_uri":
"https://hb3-prod-lb-000:8943/realms/zznode/protocol/openid-connect/certs;,
"check_session_iframe":
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/login-status-iframe.html;,
"grant_types_supported": [
"authorization_code",
"implicit",
"refresh_token",
"password",
"client_credentials",
"urn:ietf:params:oauth:grant-type:device_code",
"urn:openid:params:grant-type:ciba"
],
"acr_values_supported": [
"0",
"1"
],
"response_types_supported": [
"code",
"none",
"id_token",
"token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"subject_types_supported": [
"public",
"pairwise"
],
"id_token_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"id_token_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"userinfo_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none"
],
"userinfo_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"userinfo_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"request_object_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none"
],
"request_object_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"request_object_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"response_modes_supported": [
"query",
"fragment",
"form_post",
"query.jwt",
"fragment.jwt",
"form_post.jwt",
"jwt"
],
"registration_endpoint":
"https://hb3-prod-lb-000:8943/realms/zznode/clients-registrations/openid-connect;,
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"introspection_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"introspection_endpoint_auth_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
[jira] [Updated] (NIFI-11409) nifi cluster cannot logout with oidc authentication
[
https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11409:
--
Attachment: 截屏2023-04-09 13.17.25.png
> nifi cluster cannot logout with oidc authentication
> ---
>
> Key: NIFI-11409
> URL: https://issues.apache.org/jira/browse/NIFI-11409
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0 cluster with 4 nodes
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Priority: Major
> Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png
>
>
> My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
> I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
> !截屏2023-04-08 12.40.30.png|width=479,height=179!
> I also find 503 in nifi-request.log
>
> {code:java}
> 10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET
> /nifi-api/access/oidc/logout HTTP/1.1" 503 425
> "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
> Safari/605.1.15"{code}
>
> and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It
> can not be accessed in intra net.
>
> {code:java}
> 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
> o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
> processing failed
> org.springframework.web.client.ResourceAccessException: I/O error on POST
> request for
> "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
> connect timed out; nested exception is java.net.SocketTimeoutException:
> connect timed out
> at
> org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
> at
> org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
> at
> org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
> at
> org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
> at
> org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
> at
> org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46)
>
[jira] [Created] (NIFI-11409) nifi cluster cannot logout with oidc authentication
macdoor615 created NIFI-11409:
-
Summary: nifi cluster cannot logout with oidc authentication
Key: NIFI-11409
URL: https://issues.apache.org/jira/browse/NIFI-11409
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.21.0
Environment: NiFi 1.21.0 cluster with 4 nodes
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS,
mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Keycloak 20.0.2
Reporter: macdoor615
Attachments: 截屏2023-04-08 12.40.30.png
My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication.
I can log in properly, but when I click logout on webui, I got HTTP ERROR 503.
!截屏2023-04-08 12.40.30.png|width=479,height=179!
I also find 503 in nifi-request.log
{code:java}
10.12.69.33 - - [08/Apr/2023:04:24:13 +] "GET /nifi-api/access/oidc/logout
HTTP/1.1" 503 425 "https://36.138.166.203:18088/nifi/; "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5
Safari/605.1.15"{code}
and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It can
not be accessed in intra net.
{code:java}
2023-04-08 12:24:43,511 WARN [NiFi Web Server-59]
o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request
processing failed
org.springframework.web.client.ResourceAccessException: I/O error on POST
request for
"https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke":
connect timed out; nested exception is java.net.SocketTimeoutException: connect
timed out
at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
at
org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666)
at
org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81)
at
org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70)
at
org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181)
at
org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159)
at
org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127)
at
org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at
org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
at
org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
at
org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:487)
at
org.apache.nifi.web.server.filter.DataTransferExcludedDoSFilter.doFilterChain(DataTransferExcludedDoSFilter.java:51)
at
[jira] [Commented] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore
[
https://issues.apache.org/jira/browse/NIFI-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17707475#comment-17707475
]
macdoor615 commented on NIFI-11370:
---
[~exceptionfactory] thanks for the quick response. I can now log in and out
correctly, keeping my previous nifi.properties
> Unable to connect to OIDC service using NiFi truststore
> ---
>
> Key: NIFI-11370
> URL: https://issues.apache.org/jira/browse/NIFI-11370
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Environment: NiFi 1.21.0 branch support/nifi-1.x commit
> 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Fix For: 2.0.0, 1.21.0
>
> Attachments: invalid_id_token.png
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> My NiFi 1.20 servers are all using NiFi truststore when connecting to the
> OIDC service.
> I set nifi.security.user.oidc.truststore.strategy in nifi.properties.
>
> {code:java}
> nifi.security.user.oidc.truststore.strategy=NIFI{code}
>
> I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0.
> and got this error
> !invalid_id_token.png|width=1129,height=162!
> I delete nifi.security.user.oidc.truststore.strategy property in
> nifi.properties, import certifacate into {{cacerts,}} and use Java’s default
> {{cacerts}} truststore. Then I can log in webui properly
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-4890) OIDC Token Refresh should be supported
[ https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17707346#comment-17707346 ] macdoor615 commented on NIFI-4890: -- [~mcgilman] https://issues.apache.org/jira/browse/NIFI-11370 > OIDC Token Refresh should be supported > -- > > Key: NIFI-4890 > URL: https://issues.apache.org/jira/browse/NIFI-4890 > Project: Apache NiFi > Issue Type: Improvement > Components: Core UI >Affects Versions: 1.5.0 > Environment: Environment: > Browser: Chrome / Firefox > Configuration of NiFi: > - SSL certificate for the server (no client auth) > - OIDC configuration including end_session_endpoint (see the link > https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) > >Reporter: Federico Michele Facca >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0, 1.21.0 > > Attachments: image-2022-10-20-12-23-38-675.png > > Time Spent: 1.5h > Remaining Estimate: 0h > > It looks like the NIFI UI is not refreshing the OIDC token in background, and > because of that, when the token expires, tells you that your session is > expired. and you need to refresh the page, to get a new token. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11370) Unable to connect to OIDC service using NiFi truststore
macdoor615 created NIFI-11370:
-
Summary: Unable to connect to OIDC service using NiFi truststore
Key: NIFI-11370
URL: https://issues.apache.org/jira/browse/NIFI-11370
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.21.0
Environment: NiFi 1.21.0 branch support/nifi-1.x commit
006d1507d45d8358a9bdda29f28b48c8fd0ad4a0
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS,
mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Keycloak 20.0.2
Reporter: macdoor615
Attachments: invalid_id_token.png
My NiFi 1.20 servers are all using NiFi truststore when connecting to the OIDC
service.
I set nifi.security.user.oidc.truststore.strategy in nifi.properties.
{code:java}
nifi.security.user.oidc.truststore.strategy=NIFI{code}
I upgraded to NiFi 1.21.0 commit 006d1507d45d8358a9bdda29f28b48c8fd0ad4a0. and
got this error
!invalid_id_token.png|width=1129,height=162!
I delete nifi.security.user.oidc.truststore.strategy property in
nifi.properties, import certifacate into {{cacerts,}} and use Java’s default
{{cacerts}} truststore. Then I can log in webui properly
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-11365) OIDC login does not comply with nifi.web.proxy.context.path
[
https://issues.apache.org/jira/browse/NIFI-11365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11365:
--
Environment:
NiFi 1.21.0-RC1
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS,
mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Keycloak 20.0.2
was:
NiFi 1.21.0-RC1
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS,
mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> OIDC login does not comply with nifi.web.proxy.context.path
> ---
>
> Key: NIFI-11365
> URL: https://issues.apache.org/jira/browse/NIFI-11365
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0-RC1
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> Keycloak 20.0.2
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.21.0
>
> Attachments: no nifi.web.proxy.context.path.png
>
>
> I upgraded NIFI from 1.20.0 to 1.21.0-RC1 without changing nifi.properties
> file. I can't log in to nifi webui. I found that Nifi webui did not comply
> with nifi.web.proxy.context.path settings when calling
> nifi-api/access/oidc/callback.
> !no nifi.web.proxy.context.path.png|width=577,height=164!
> I put NiFi server behind a nginx reverse proxy, and set
> nifi.web.proxy.context.path in nifi.properties
>
> {code:java}
> nifi.web.proxy.context.path=/hb3-ifz-bridge-004-nifi{code}
>
> I think it should prepend nifi-api/access/oidc/callback with
> nifi.web.proxy.context.path.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-4890) OIDC Token Refresh should be supported
[ https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17706727#comment-17706727 ] macdoor615 commented on NIFI-4890: -- [~mcgilman] https://issues.apache.org/jira/browse/NIFI-11365 > OIDC Token Refresh should be supported > -- > > Key: NIFI-4890 > URL: https://issues.apache.org/jira/browse/NIFI-4890 > Project: Apache NiFi > Issue Type: Improvement > Components: Core UI >Affects Versions: 1.5.0 > Environment: Environment: > Browser: Chrome / Firefox > Configuration of NiFi: > - SSL certificate for the server (no client auth) > - OIDC configuration including end_session_endpoint (see the link > https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) > >Reporter: Federico Michele Facca >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0, 1.21.0 > > Attachments: image-2022-10-20-12-23-38-675.png > > Time Spent: 1.5h > Remaining Estimate: 0h > > It looks like the NIFI UI is not refreshing the OIDC token in background, and > because of that, when the token expires, tells you that your session is > expired. and you need to refresh the page, to get a new token. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11365) OIDC login does not comply with nifi.web.proxy.context.path
[
https://issues.apache.org/jira/browse/NIFI-11365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11365:
--
Description:
I upgraded NIFI from 1.20.0 to 1.21.0-RC1 without changing nifi.properties
file. I can't log in to nifi webui. I found that Nifi webui did not comply with
nifi.web.proxy.context.path settings when calling nifi-api/access/oidc/callback.
!no nifi.web.proxy.context.path.png|width=577,height=164!
I put NiFi server behind a nginx reverse proxy, and set
nifi.web.proxy.context.path in nifi.properties
{code:java}
nifi.web.proxy.context.path=/hb3-ifz-bridge-004-nifi{code}
I think it should prepend nifi-api/access/oidc/callback with
nifi.web.proxy.context.path.
was:
I upgraded NIFI from 1.20.0 to 1.21.0-RC1 without changing nifi.properties
file. I can't log in to nifi webui. I found that Nifi webui did not comply with
nifi.web.proxy.context.path settings when calling nifi-api/access/oidc/callback.
!no nifi.web.proxy.context.path.png|width=577,height=164!
I have set nifi.web.proxy.context.path in nifi.properties
{code:java}
nifi.web.proxy.context.path=/hb3-ifz-bridge-004-nifi{code}
I think it should prepend nifi-api/access/oidc/callback with
nifi.web.proxy.context.path.
> OIDC login does not comply with nifi.web.proxy.context.path
> ---
>
> Key: NIFI-11365
> URL: https://issues.apache.org/jira/browse/NIFI-11365
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0-RC1
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.21.0
>
> Attachments: no nifi.web.proxy.context.path.png
>
>
> I upgraded NIFI from 1.20.0 to 1.21.0-RC1 without changing nifi.properties
> file. I can't log in to nifi webui. I found that Nifi webui did not comply
> with nifi.web.proxy.context.path settings when calling
> nifi-api/access/oidc/callback.
> !no nifi.web.proxy.context.path.png|width=577,height=164!
> I put NiFi server behind a nginx reverse proxy, and set
> nifi.web.proxy.context.path in nifi.properties
>
> {code:java}
> nifi.web.proxy.context.path=/hb3-ifz-bridge-004-nifi{code}
>
> I think it should prepend nifi-api/access/oidc/callback with
> nifi.web.proxy.context.path.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-11365) OIDC login does not comply with nifi.web.proxy.context.path
[
https://issues.apache.org/jira/browse/NIFI-11365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-11365:
--
Summary: OIDC login does not comply with nifi.web.proxy.context.path (was:
OIDC login does not comply nifi.web.proxy.context.path)
> OIDC login does not comply with nifi.web.proxy.context.path
> ---
>
> Key: NIFI-11365
> URL: https://issues.apache.org/jira/browse/NIFI-11365
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.21.0
> Environment: NiFi 1.21.0-RC1
> openjdk version "11.0.18" 2023-01-17 LTS
> OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS)
> OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build
> 11.0.18+10-LTS, mixed mode, sharing)
> Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10
> 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.21.0
>
> Attachments: no nifi.web.proxy.context.path.png
>
>
> I upgraded NIFI from 1.20.0 to 1.21.0-RC1 without changing nifi.properties
> file. I can't log in to nifi webui. I found that Nifi webui did not comply
> with nifi.web.proxy.context.path settings when calling
> nifi-api/access/oidc/callback.
> !no nifi.web.proxy.context.path.png|width=577,height=164!
> I have set nifi.web.proxy.context.path in nifi.properties
>
> {code:java}
> nifi.web.proxy.context.path=/hb3-ifz-bridge-004-nifi{code}
>
> I think it should prepend nifi-api/access/oidc/callback with
> nifi.web.proxy.context.path.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-11365) OIDC login does not comply nifi.web.proxy.context.path
macdoor615 created NIFI-11365:
-
Summary: OIDC login does not comply nifi.web.proxy.context.path
Key: NIFI-11365
URL: https://issues.apache.org/jira/browse/NIFI-11365
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.21.0
Environment: NiFi 1.21.0-RC1
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS,
mixed mode, sharing)
Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Reporter: macdoor615
Fix For: 1.21.0
Attachments: no nifi.web.proxy.context.path.png
I upgraded NIFI from 1.20.0 to 1.21.0-RC1 without changing nifi.properties
file. I can't log in to nifi webui. I found that Nifi webui did not comply with
nifi.web.proxy.context.path settings when calling nifi-api/access/oidc/callback.
!no nifi.web.proxy.context.path.png|width=577,height=164!
I have set nifi.web.proxy.context.path in nifi.properties
{code:java}
nifi.web.proxy.context.path=/hb3-ifz-bridge-004-nifi{code}
I think it should prepend nifi-api/access/oidc/callback with
nifi.web.proxy.context.path.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-11197) yaml and json conversion processor
macdoor615 created NIFI-11197: - Summary: yaml and json conversion processor Key: NIFI-11197 URL: https://issues.apache.org/jira/browse/NIFI-11197 Project: Apache NiFi Issue Type: Improvement Components: Extensions Affects Versions: 1.20.0 Reporter: macdoor615 The yaml format is basically equivalent to json. When used as a configuration file, it is much more convenient than json. It can have comments and the file is shorter. More and more systems adopt yaml format. Now we developed a conversion tool from yaml to json with the ExecuteGroovyScript processor. It is recommended to add a processor that can convert between yaml and json -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11163) Key Manager initialization failed
[
https://issues.apache.org/jira/browse/NIFI-11163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17686869#comment-17686869
]
macdoor615 commented on NIFI-11163:
---
1. Linux
{code:java}
Linux hb3-prod-hadoop-002 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30
15:51:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux{code}
2. JDK
{code:java}
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build
11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS,
mixed mode, sharing)
{code}
3. nifi-registry.properties
{code:java}
# security properties #
nifi.registry.security.keystore=./conf/keystore.pkcs12
nifi.registry.security.keystoreType=PKCS12
nifi.registry.security.keystorePasswd=xxx
nifi.registry.security.keyPasswd=
nifi.registry.security.truststore=./conf/truststore.jks
nifi.registry.security.truststoreType=jks
nifi.registry.security.truststorePasswd=xxx
{code}
4. keystore.pkcs12 & truststore.jks
created using the NiFi TLS Toolkit 1.14.0.
Also used by NiFi 1.19.0 on the same server
> Key Manager initialization failed
> -
>
> Key: NIFI-11163
> URL: https://issues.apache.org/jira/browse/NIFI-11163
> Project: Apache NiFi
> Issue Type: Bug
> Components: NiFi Registry
>Affects Versions: 1.19.0, 1.20.0, 1.19.1
>Reporter: macdoor615
>Priority: Major
>
> Use the exact same nifi-registry.properties and keystore / truststore file.
> Version 1.18.0 starts and works properly.
> Version 1.20.0 / 1.19.1 / 1.19.0 reports the following error:
>
> {code:java}
> 2023-02-10 10:39:49,899 WARN [main] o.apache.nifi.registry.jetty.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.security.ssl.BuilderConfigurationException: Key Manager
> initialization failed
> at
> org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:120)
> at
> org.apache.nifi.security.ssl.StandardSslContextBuilder.build(StandardSslContextBuilder.java:55)
> at
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildSslContext(ApplicationServerConnectorFactory.java:149)
> at
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.(ApplicationServerConnectorFactory.java:76)
> at
> org.apache.nifi.registry.jetty.JettyServer.configureConnectors(JettyServer.java:150)
> at org.apache.nifi.registry.jetty.JettyServer.(JettyServer.java:101)
> at org.apache.nifi.registry.NiFiRegistry.(NiFiRegistry.java:114)
> at org.apache.nifi.registry.NiFiRegistry.main(NiFiRegistry.java:168)
> Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given
> final block not properly padded. Such issues can arise if a bad key is used
> during decryption.
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:446)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
> at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
> at
> java.base/sun.security.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:145)
> at
> java.base/sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> at java.base/javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:271)
> at
> org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:118)
> ... 7 common frames omitted
> Caused by: javax.crypto.BadPaddingException: Given final block not properly
> padded. Such issues can arise if a bad key is used during decryption.
> at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
> at
> java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
> at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
> at
> java.base/com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:408)
> at
> java.base/com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:440)
> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:387)
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:283)
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:381)
> ... 13 common frames omitted
> 2023-02-10 10:39:49,902 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry
> Initiating shutdown of Jetty web server...
> 2023-02-10 10:39:49,903 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry
> Jetty web server shutdown completed (nicely or otherwise).
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-11163) Key Manager initialization failed
macdoor615 created NIFI-11163:
-
Summary: Key Manager initialization failed
Key: NIFI-11163
URL: https://issues.apache.org/jira/browse/NIFI-11163
Project: Apache NiFi
Issue Type: Bug
Components: NiFi Registry
Affects Versions: 1.19.1, 1.20.0, 1.19.0
Reporter: macdoor615
Use the exact same nifi-registry.properties and keystore / truststore file.
Version 1.18.0 starts and works properly.
Version 1.20.0 / 1.19.1 / 1.19.0 reports the following error:
{code:java}
2023-02-10 10:39:49,899 WARN [main] o.apache.nifi.registry.jetty.JettyServer
Failed to start web server... shutting down.
org.apache.nifi.security.ssl.BuilderConfigurationException: Key Manager
initialization failed
at
org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:120)
at
org.apache.nifi.security.ssl.StandardSslContextBuilder.build(StandardSslContextBuilder.java:55)
at
org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildSslContext(ApplicationServerConnectorFactory.java:149)
at
org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.(ApplicationServerConnectorFactory.java:76)
at
org.apache.nifi.registry.jetty.JettyServer.configureConnectors(JettyServer.java:150)
at org.apache.nifi.registry.jetty.JettyServer.(JettyServer.java:101)
at org.apache.nifi.registry.NiFiRegistry.(NiFiRegistry.java:114)
at org.apache.nifi.registry.NiFiRegistry.main(NiFiRegistry.java:168)
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final
block not properly padded. Such issues can arise if a bad key is used during
decryption.
at
java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:446)
at
java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
at
java.base/sun.security.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:145)
at
java.base/sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
at java.base/javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:271)
at
org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:118)
... 7 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly
padded. Such issues can arise if a bad key is used during decryption.
at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at
java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at
java.base/com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:408)
at
java.base/com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:440)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
at
java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:387)
at
java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:283)
at
java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:381)
... 13 common frames omitted
2023-02-10 10:39:49,902 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry
Initiating shutdown of Jetty web server...
2023-02-10 10:39:49,903 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry
Jetty web server shutdown completed (nicely or otherwise).
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-11162) When upgrading, rolling restart nodes to avoid service interruption
[ https://issues.apache.org/jira/browse/NIFI-11162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] macdoor615 updated NIFI-11162: -- Summary: When upgrading, rolling restart nodes to avoid service interruption (was: When upgrading, roll restart nodes to avoid cluster shutdown) > When upgrading, rolling restart nodes to avoid service interruption > --- > > Key: NIFI-11162 > URL: https://issues.apache.org/jira/browse/NIFI-11162 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.20.0 >Reporter: macdoor615 >Priority: Major > Fix For: 2.0.0 > > > The current upgrade requires stopping all nodes at the same time, upgrading > all nodes, and then restarting all nodes, which will interrupt the service. > It is recommended to support rolling upgrades, each node is stopped, > upgraded, and restarted one by one to avoid service interruption. > Before all nodes are upgraded, the early version of the inter-connection > protocol is adopted between nodes. When all nodes are upgraded, the > inter-connection protocol will upgrade to the current version. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11162) When upgrading, roll restart nodes to avoid cluster shutdown
macdoor615 created NIFI-11162: - Summary: When upgrading, roll restart nodes to avoid cluster shutdown Key: NIFI-11162 URL: https://issues.apache.org/jira/browse/NIFI-11162 Project: Apache NiFi Issue Type: Bug Components: Core Framework Affects Versions: 1.20.0 Reporter: macdoor615 Fix For: 2.0.0 The current upgrade requires stopping all nodes at the same time, upgrading all nodes, and then restarting all nodes, which will interrupt the service. It is recommended to support rolling upgrades, each node is stopped, upgraded, and restarted one by one to avoid service interruption. Before all nodes are upgraded, the early version of the inter-connection protocol is adopted between nodes. When all nodes are upgraded, the inter-connection protocol will upgrade to the current version. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10332) Add ID_TOKEN_LOGOUT support for general OpenID connect server, e.g. Keycloak
[
https://issues.apache.org/jira/browse/NIFI-10332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17624828#comment-17624828
]
macdoor615 commented on NIFI-10332:
---
Also need to support refresh token
https://issues.apache.org/jira/browse/NIFI-4890
> Add ID_TOKEN_LOGOUT support for general OpenID connect server, e.g. Keycloak
>
>
> Key: NIFI-10332
> URL: https://issues.apache.org/jira/browse/NIFI-10332
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core UI
>Affects Versions: 1.17.0
> Environment: NiFi 1.17.0, Keycloak 18.0.1
>Reporter: macdoor615
>Assignee: Nathan Gough
>Priority: Major
> Attachments: image-2022-08-09-16-56-25-791.png
>
>
> I deploy a NiFi 1.170 and authenticate with OpenID connect. Authentication
> server is Keycloak 18.0.1.
> I can log in and I can use UI properly.
> But when I logout. I get an error, can not redirect to NiFi UI or keycloak
> login UI
> !image-2022-08-09-16-56-25-791.png|width=782,height=347!
> [https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2F36.138.166.203%3A18089%2Fhb3-dmz-repos-000-nifi%2Fnifi-api%2F..%2Fnifi%2Flogout-complete]
> I made some investigation into source code. I found NiFi only support
> ID_TOKEN_LOGOUT for okta service. Keycloak and other Authentication server
> can not be supported.
> Keycloak say it is compliance OpenID connect spec.
> I modified a few lines of source code. Let it support ID_TOKEN_LOGOUT for
> keycloak. Now I can log out NiFi and redirect to keycloak login UI, and than
> login NiFi again.
> I suggest making nifi to support ID_TOKEN_LOGOUT in later version for general
> OpenID connect server.
> I modified the file,
> [https://github.com/apache/nifi/blob/main/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OIDCAccessResource.java]
> start from line 403
> {code:java}
> private String determineLogoutMethod(String oidcDiscoveryUrl) {
> Matcher accessTokenMatcher =
> REVOKE_ACCESS_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
> Matcher idTokenMatcher =
> ID_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
>
> if (accessTokenMatcher.find()) {
> return REVOKE_ACCESS_TOKEN_LOGOUT;
> } else {
> return ID_TOKEN_LOGOUT;
> }
> }
>
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-4890) OIDC Token Refresh is not done correctly
[ https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17621494#comment-17621494 ] macdoor615 commented on NIFI-4890: -- [~exceptionfactory] [~Browne] Increasing "Access Token Lifespan" increases security risk from access token leakage. So "Access Token Lifespan" is set to 5 minutes by default in keycloak. “Refresh Token” is used to solve the problem of repeated logins. I believe we still need “Refresh Token” > OIDC Token Refresh is not done correctly > > > Key: NIFI-4890 > URL: https://issues.apache.org/jira/browse/NIFI-4890 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Affects Versions: 1.5.0 > Environment: Environment: > Browser: Chrome / Firefox > Configuration of NiFi: > - SSL certificate for the server (no client auth) > - OIDC configuration including end_session_endpoint (see the link > https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) > >Reporter: Federico Michele Facca >Assignee: David Handermann >Priority: Major > Attachments: image-2022-10-20-12-23-38-675.png > > > It looks like the NIFI UI is not refreshing the OIDC token in background, and > because of that, when the token expires, tells you that your session is > expired. and you need to refresh the page, to get a new token. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10332) Add ID_TOKEN_LOGOUT support for general OpenID connect server, e.g. Keycloak
[
https://issues.apache.org/jira/browse/NIFI-10332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10332:
--
Summary: Add ID_TOKEN_LOGOUT support for general OpenID connect server,
e.g. Keycloak (was: Add ID_TOKEN_LOGOUT support for general OpenID connect
server, like Keycloak)
> Add ID_TOKEN_LOGOUT support for general OpenID connect server, e.g. Keycloak
>
>
> Key: NIFI-10332
> URL: https://issues.apache.org/jira/browse/NIFI-10332
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core UI
>Affects Versions: 1.17.0
> Environment: NiFi 1.17.0, Keycloak 18.0.1
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-09-16-56-25-791.png
>
>
> I deploy a NiFi 1.170 and authenticate with OpenID connect. Authentication
> server is Keycloak 18.0.1.
> I can log in and I can use UI properly.
> But when I logout. I get an error, can not redirect to NiFi UI or keycloak
> login UI
> !image-2022-08-09-16-56-25-791.png|width=782,height=347!
> [https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2F36.138.166.203%3A18089%2Fhb3-dmz-repos-000-nifi%2Fnifi-api%2F..%2Fnifi%2Flogout-complete]
> I made some investigation into source code. I found NiFi only support
> ID_TOKEN_LOGOUT for okta service. Keycloak and other Authentication server
> can not be supported.
> Keycloak say it is compliance OpenID connect spec.
> I modified a few lines of source code. Let it support ID_TOKEN_LOGOUT for
> keycloak. Now I can log out NiFi and redirect to keycloak login UI, and than
> login NiFi again.
> I suggest making nifi to support ID_TOKEN_LOGOUT in later version for general
> OpenID connect server.
> I modified the file,
> [https://github.com/apache/nifi/blob/main/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OIDCAccessResource.java]
> start from line 403
> {code:java}
> private String determineLogoutMethod(String oidcDiscoveryUrl) {
> Matcher accessTokenMatcher =
> REVOKE_ACCESS_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
> Matcher idTokenMatcher =
> ID_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
>
> if (accessTokenMatcher.find()) {
> return REVOKE_ACCESS_TOKEN_LOGOUT;
> } else {
> return ID_TOKEN_LOGOUT;
> }
> }
>
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-10332) Add ID_TOKEN_LOGOUT support for general OpenID connect server, like Keycloak
macdoor615 created NIFI-10332:
-
Summary: Add ID_TOKEN_LOGOUT support for general OpenID connect
server, like Keycloak
Key: NIFI-10332
URL: https://issues.apache.org/jira/browse/NIFI-10332
Project: Apache NiFi
Issue Type: Improvement
Components: Core UI
Affects Versions: 1.17.0
Environment: NiFi 1.17.0, Keycloak 18.0.1
Reporter: macdoor615
Fix For: 1.18.0
Attachments: image-2022-08-09-16-56-25-791.png
I deploy a NiFi 1.170 and authenticate with OpenID connect. Authentication
server is Keycloak 18.0.1.
I can log in and I can use UI properly.
But when I logout. I get an error, can not redirect to NiFi UI or keycloak
login UI
!image-2022-08-09-16-56-25-791.png|width=782,height=347!
[https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2F36.138.166.203%3A18089%2Fhb3-dmz-repos-000-nifi%2Fnifi-api%2F..%2Fnifi%2Flogout-complete]
I made some investigation into source code. I found NiFi only support
ID_TOKEN_LOGOUT for okta service. Keycloak and other Authentication server can
not be supported.
Keycloak say it is compliance OpenID connect spec.
I modified a few lines of source code. Let it support ID_TOKEN_LOGOUT for
keycloak. Now I can log out NiFi and redirect to keycloak login UI, and than
login NiFi again.
I suggest making nifi to support ID_TOKEN_LOGOUT in later version for general
OpenID connect server.
I modified the file,
[https://github.com/apache/nifi/blob/main/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OIDCAccessResource.java]
start from line 403
{code:java}
private String determineLogoutMethod(String oidcDiscoveryUrl) {
Matcher accessTokenMatcher =
REVOKE_ACCESS_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
Matcher idTokenMatcher =
ID_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
if (accessTokenMatcher.find()) {
return REVOKE_ACCESS_TOKEN_LOGOUT;
} else {
return ID_TOKEN_LOGOUT;
}
}
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17577256#comment-17577256
]
macdoor615 commented on NIFI-10322:
---
[~exceptionfactory] Thank you!
I have tried both option.
* rebuild NiFi 1.17.0 from source with [GitHub Pull Request
#6278|https://github.com/apache/nifi/pull/6278]
* add proxy_cookie_path directive in nginx conf
Both options can be successful.
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Assignee: David Handermann
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png,
> image-2022-08-08-23-33-30-220.png, image-2022-08-08-23-35-02-773.png,
> image-2022-08-08-23-59-12-471.png, nginx-access.log.zip,
> nifi-1.16.3-logs.zip, nifi-1.17.0-logs.zip
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: nifi-1.16.3-logs.zip
nifi-1.17.0-logs.zip
nginx-access.log.zip
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png,
> image-2022-08-08-23-33-30-220.png, image-2022-08-08-23-35-02-773.png,
> image-2022-08-08-23-59-12-471.png, nginx-access.log.zip,
> nifi-1.16.3-logs.zip, nifi-1.17.0-logs.zip
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17576891#comment-17576891
]
macdoor615 commented on NIFI-10322:
---
[~exceptionfactory] Thank you for your explanation. I took more screenshot.
*NiFi 1.17.0 screenshot after session times out and try to login again.*
!image-2022-08-08-23-35-02-773.png|width=1292,height=975!
Request URL
{code:java}
https://36.138.166.203:18089/zqjkcj_nanjing-nifi/nifi-api/access/oidc/callback?state=qh1rso8umf2h934jnevkvl1ba4_state=f7bf8a87-8530-4f65-a21a-0f9ff3c34505=107fb3ab-af9b-46eb-9468-bcd3093754a8.f7bf8a87-8530-4f65-a21a-0f9ff3c34505.61127d6f-8931-4b59-9ee1-022299ce258b{code}
Response Headers
#
Connection:
keep-alive
#
Content-Length:
182
#
Content-Security-Policy:
frame-ancestors 'self'
#
Content-Type:
text/plain;charset=iso-8859-1
#
Date:
Mon, 08 Aug 2022 15:34:39 GMT
#
Server:
nginx
#
Set-Cookie:
__Secure-Authorization-Bearer=; Path=/zqjkcj_nanjing-nifi;
Domain=36.138.166.203; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT;
Secure; HttpOnly
#
Strict-Transport-Security:
max-age=31536000 ; includeSubDomains
#
WWW-Authenticate:
Bearer error="invalid_token", error_description="An error occurred while
attempting to decode the Jwt: Expired JWT",
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1;
#
X-Content-Type-Options:
nosniff
#
X-Frame-Options:
SAMEORIGIN
#
X-ProxiedEntitiesAccepted:
true
#
X-XSS-Protection:
1; mode=block
Request Headers
#
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
#
Accept-Encoding:
gzip, deflate, br
#
Accept-Language:
zh-CN,zh;q=0.9
#
Connection:
keep-alive
#
Cookie:
__Secure-Request-Token=a7af6478-0789-4296-83d5-1da943fad995;
__Secure-Authorization-Bearer=eyJraWQiOiI4ZGFjNTViNy1iNjhlLTQ5MmEtOWQxZC0zOTdhZmU1Y2M1ZDkiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5OTcyMTg5LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5OTcyNDg4LCJpYXQiOjE2NTk5NzIxODksImp0aSI6IjE0YmQ0NmQ0LTFmMzQtNGU1NS1iZmQzLWVkMmFkOGIwMzMzZCJ9.fLbNehCN-nmhz6YmYFnr_A6WSPV7kKj-h24o3OXieSS7dXjRn0fpwAn2gwItidH0OmwQKU6vVon1fHdhUtvsSMbw4uP-DvfDaCLTMgd3lFW_75gHxwlsXTB-ZDgUolermeNQ9o4Fl9_jZTupcfTdVcXLxV4i4gd2HMy_8IkYZbBYDWcSBYXJkxCKIZS-JjkBd9TRH0cdpRWVC8FxvHOvRuM3FdBzME7SKB0yltl_kl-U3gnmEQL5ZEng4v7H6uEdrV0eh7fTPOJOuY9tIJ1lN8xswKvTkmVj7hAvqtK5Y9mu6gjSK7n-Bez4Md3X7smEfqJ3pGsHUOaWrioHqn6BMH_n28o8r4RpBx0XJ6ED-27UoYCctvkd7tFl3LEgBCGxnzddLo8gfKsZZSqctVtYxA2tYwr3Nxr2vobZBuN9xXemAJTxMURa9sLRTMs6P6tti2B4NT_EqigztCIRRC3ogPy8hFJhjvg16Cbq-tUiHtqw6humT1UQ5Cvu-w3bpq5hDEgJxB4dG-eR2zdyv9i82xs-d-nAPmWx9rOZm9rFAANgiEJIHNZ6aKFe6GflJIhNu1s2e2EbiUAZ1aHUXM1JGC7nMUjXDrMNtX-Dts12K42zE6Qg8rrY3o6V7kMvtIvLgIZRRwmVp1Jhwdm8WIOhV0rzXfULNTKuJSXOBbIDWpg;
nifi-oidc-request-identifier=eacf0292-ebb3-452b-884a-b374f4e17440
#
DNT:
1
#
Host:
36.138.166.203:18089
#
sec-ch-ua:
".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
#
sec-ch-ua-mobile:
?0
#
sec-ch-ua-platform:
"macOS"
#
Sec-Fetch-Dest:
document
#
Sec-Fetch-Mode:
navigate
#
Sec-Fetch-Site:
cross-site
#
Upgrade-Insecure-Requests:
1
#
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/103.0.0.0 Safari/537.36
*NiFi 1.16.3 screenshot after session times out and refresh browser and login
again successfully.*
!image-2022-08-08-23-59-12-471.png|width=1310,height=955!
Request URL:
[https://36.138.166.203:18089/zqjkcj_nanjing-nifi/nifi-api/access/oidc/callback?state=grtd4u98nbh9ljclha6p3mht97_state=31d13a5d-c107-4f05-a002-62322f2fa588=cc5f3833-00b0-4c6f-b9db-da0a1812d78c.31d13a5d-c107-4f05-a002-62322f2fa588.61127d6f-8931-4b59-9ee1-022299ce258b]
Response Headers
#
Connection:
keep-alive
#
Content-Security-Policy:
frame-ancestors 'self'
#
Date:
Mon, 08 Aug 2022 15:58:27 GMT
#
Location:
https://36.138.166.203:18089/zqjkcj_nanjing-nifi/nifi/
#
Server:
nginx
#
Strict-Transport-Security:
max-age=3154
#
Transfer-Encoding:
chunked
#
X-Content-Type-Options:
nosniff
#
X-Frame-Options:
SAMEORIGIN
#
X-XSS-Protection:
1; mode=block
Reqeust Headers
#
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
#
Accept-Encoding:
gzip, deflate, br
#
Accept-Language:
zh-CN,zh;q=0.9
#
Connection:
keep-alive
#
Cookie:
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-08-23-59-12-471.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png,
> image-2022-08-08-23-33-30-220.png, image-2022-08-08-23-35-02-773.png,
> image-2022-08-08-23-59-12-471.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-08-23-35-02-773.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png,
> image-2022-08-08-23-33-30-220.png, image-2022-08-08-23-35-02-773.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-08-23-33-30-220.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png,
> image-2022-08-08-23-33-30-220.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17576337#comment-17576337
]
macdoor615 commented on NIFI-10322:
---
[~exceptionfactory] You are right. My NiFis are behind nginx. I think I have
set nifi.properties properly.
{code:java}
nifi.web.proxy.context.path=/zqjkcj_nanjing-nifi,//
nifi.web.proxy.host=36.138.166.203:18089,172.31.64.10:18088
{code}
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17576336#comment-17576336
]
macdoor615 commented on NIFI-10322:
---
[~exceptionfactory] Thank you.
Long story short. After NiFi 1.17.0 session times out. There is a Set-Cookie
header containing the __{{{}Secure-Authorization-Bearer{}}} paremeter, But
content is empty.
*NiFi 1.17.0 screenshot in session.*
!image-2022-08-07-15-37-29-739.png|width=1565,height=1164!
Response Headers:
#
Cache-Control:
private, no-cache, no-store, no-transform
#
Connection:
keep-alive
#
Content-Encoding:
gzip
#
Content-Length:
216
#
Content-Security-Policy:
frame-ancestors 'self'
#
Content-Type:
application/json
#
Date:
Sun, 07 Aug 2022 07:35:04 GMT
#
Server:
nginx
#
Strict-Transport-Security:
max-age=31536000 ; includeSubDomains
#
Vary:
Accept-Encoding
#
X-Content-Type-Options:
nosniff
#
X-Frame-Options:
SAMEORIGIN
#
X-ProxiedEntitiesAccepted:
true
#
X-XSS-Protection:
1; mode=block
Request Headers:
#
Accept:
application/json, text/javascript, */*; q=0.01
#
Accept-Encoding:
gzip, deflate, br
#
Accept-Language:
zh-CN,zh;q=0.9
#
Connection:
keep-alive
#
Cookie:
__Secure-Request-Token=ff6b6664-2e61-4abb-86f4-4bfd8592b461;
__Secure-Authorization-Bearer=eyJraWQiOiJmNTVlZmM4OS0yMTI3LTRmNjgtYjVjNi03NTdjN2YxMjk1N2IiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5ODU3NjY3LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5ODU3OTY2LCJpYXQiOjE2NTk4NTc2NjcsImp0aSI6IjJmMzgyYzQ0LTJkMzEtNDFjMC1iY2E3LWRiZjVhNzBhZTk5MCJ9.kVtyE-EIijCdD-SyduFL6BeYOCzSbb7aDGw0KrSSMXJfpPpL3m_LO0LuLpfuKEZ-ZgxKUd5A0oOCDMGwmiGDRMqEOPMvsa8jj2JgHczwhGZAolo9nsxdQoDiFMmTOOeNpy371WHd5ygUN-mBb6ALODfwSMIM0EUlNB-cOL_oDT-RnvJSKuaywZ5ywrAMLvfATf1aaZaGp9WI8Bjvo1-iEXLcB4J4AmRyGsMR7qMzrVUHHRS5EYNqZ_7wGJSp5OCGcl6PD1iLjU37WOsvHaZ1gDQfAihoQx-HIlKFwFu0KfUbEeQAsuPRIFcbDC7SamCXdDs-uOkK5xMr4TqP34yqdADt4smFCbPvDSK_bP61ObgF0NkUYwKPRJE8NgPTcbrKX1TE_4zTGJ25O0LugCXO4iFhCg67vfbNBWLs1yMfnUC06fqjNM2Iis9yzSsC3LR9d96eZIBwrjT7o6AvXdGQJNQpeopoSuRaZcb4mpPz504csxs7_jNj6TFzu5Rq7CKMFwmhicpUvmzXHcgnigJcbOTY-FDerDbZNtGY2Lvo48wPvSgEzfGXLDlJIAtcJzKqGZps0zeAl6ykZgNj12kNVDmJEb0ZcmEiYd84pXoGbsFsRFw5GNeh2YjK-HUL2b2ck9c26tCefz_8FGZO-NkhoNZnidD4Z-DGDPrfwIgIKkQ
#
DNT:
1
#
Host:
36.138.166.203:18089
#
Referer:
https://36.138.166.203:18089/zqjkcj_nanjing-nifi/nifi/
#
Request-Token:
ff6b6664-2e61-4abb-86f4-4bfd8592b461
#
sec-ch-ua:
".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
#
sec-ch-ua-mobile:
?0
#
sec-ch-ua-platform:
"macOS"
#
Sec-Fetch-Dest:
empty
#
Sec-Fetch-Mode:
cors
#
Sec-Fetch-Site:
same-origin
#
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/103.0.0.0 Safari/537.36
#
X-Requested-With:
XMLHttpRequest
*NiFi 1.17.0 screenshot after session times out*
!image-2022-08-07-16-11-38-180.png|width=1462,height=1102!
Response Headers:
#
Connection:
keep-alive
#
Content-Length:
182
#
Content-Security-Policy:
frame-ancestors 'self'
#
Content-Type:
text/plain;charset=iso-8859-1
#
Date:
Sun, 07 Aug 2022 08:09:29 GMT
#
Server:
nginx
#
Set-Cookie:
*__Secure-Authorization-Bearer=; Path=/zqjkcj_nanjing-nifi;
Domain=36.138.166.203; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT;
Secure; HttpOnly*
#
Strict-Transport-Security:
max-age=31536000 ; includeSubDomains
#
WWW-Authenticate:
Bearer error="invalid_token", error_description="An error occurred while
attempting to decode the Jwt: Expired JWT",
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1;
#
X-Content-Type-Options:
nosniff
#
X-Frame-Options:
SAMEORIGIN
#
X-ProxiedEntitiesAccepted:
true
#
X-XSS-Protection:
1; mode=block
Request Headers:
#
Accept:
application/json, text/javascript, */*; q=0.01
#
Accept-Encoding:
gzip, deflate, br
#
Accept-Language:
zh-CN,zh;q=0.9
#
Connection:
keep-alive
#
Cookie:
__Secure-Request-Token=857027eb-048b-4557-98fe-416de79c1499;
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-16-11-38-180.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png, image-2022-08-07-16-11-38-180.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-16-00-11-443.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png,
> image-2022-08-07-16-00-11-443.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-15-53-47-220.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png, image-2022-08-07-15-53-47-220.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-15-47-57-158.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png,
> image-2022-08-07-15-47-57-158.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-15-43-14-922.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png, image-2022-08-07-15-43-14-922.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-15-37-29-739.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png,
> image-2022-08-07-15-37-29-739.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-15-27-18-902.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png, image-2022-08-07-15-27-18-902.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-15-22-36-213.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png,
> image-2022-08-07-15-22-36-213.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-10322) invalid_token error after OpenID connect session timeout
[
https://issues.apache.org/jira/browse/NIFI-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-10322:
--
Attachment: image-2022-08-07-14-28-09-058.png
> invalid_token error after OpenID connect session timeout
>
>
> Key: NIFI-10322
> URL: https://issues.apache.org/jira/browse/NIFI-10322
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: image-2022-08-05-22-48-17-835.png,
> image-2022-08-05-22-48-52-057.png, image-2022-08-07-14-28-09-058.png
>
>
> I follow
> [https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
> config NIFI 1.16.3 and it is work properly. If the session times out, login
> again and it will work again
> I configured 1.17.0 in the same way. I can login and operate nifi UI. But
> when session times out. I got the following error.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-17-835.png|width=758,height=108!
> I try to login again and get a new error, and I cannot enter the NIFI
> interface.
>
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Signed JWT rejected: Another algorithm
> expected, or no matching key(s) found",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
> !image-2022-08-05-22-48-52-057.png|width=594,height=143!
> I did some research, and found
> After the session times out,
> NIFI 1.16.3 leaves 3 cookies in browser:
> * nifi-logout-request-identifier
> * nifi-oidc-request-identifier
> * __Secure-Request-Token
> NIFI 1.17.0 leaves 2 cookies:
> * *__Secure-Authorization-Bearer*
> * __Secure-Request-Token
> __Secure-Authorization-Bearer cookie contains a expired JWT:
> {code:java}
> eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
> I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
> 1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-10322) invalid_token error after OpenID connect session timeout
macdoor615 created NIFI-10322:
-
Summary: invalid_token error after OpenID connect session timeout
Key: NIFI-10322
URL: https://issues.apache.org/jira/browse/NIFI-10322
Project: Apache NiFi
Issue Type: Bug
Components: Core UI
Affects Versions: 1.17.0
Reporter: macdoor615
Fix For: 1.18.0
Attachments: image-2022-08-05-22-48-17-835.png,
image-2022-08-05-22-48-52-057.png
I follow
[https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to
config NIFI 1.16.3 and it is work properly. If the session times out, login
again and it will work again
I configured 1.17.0 in the same way. I can login and operate nifi UI. But when
session times out. I got the following error.
{code:java}
Unauthorized error="invalid_token", error_description="An error occurred while
attempting to decode the Jwt: Expired JWT",
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
!image-2022-08-05-22-48-17-835.png|width=758,height=108!
I try to login again and get a new error, and I cannot enter the NIFI interface.
{code:java}
Unauthorized error="invalid_token", error_description="An error occurred while
attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected,
or no matching key(s) found",
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
!image-2022-08-05-22-48-52-057.png|width=594,height=143!
I did some research, and found
After the session times out,
NIFI 1.16.3 leaves 3 cookies in browser:
* nifi-logout-request-identifier
* nifi-oidc-request-identifier
* __Secure-Request-Token
NIFI 1.17.0 leaves 2 cookies:
* *__Secure-Authorization-Bearer*
* __Secure-Request-Token
__Secure-Authorization-Bearer cookie contains a expired JWT:
{code:java}
eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
I manually delete __Secure-Authorization-Bearer cookie, and I can login NIFI
1.17.0 again.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10321) invalid_token error after SAML session timeout
[
https://issues.apache.org/jira/browse/NIFI-10321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17575865#comment-17575865
]
macdoor615 commented on NIFI-10321:
---
[~exceptionfactory] , you are right. The session times out, and It is
necessary to initiate a new login. But the message make user confuse. I suggest
providing a more understandable message, something like "Session times out,
login again"
> invalid_token error after SAML session timeout
> ---
>
> Key: NIFI-10321
> URL: https://issues.apache.org/jira/browse/NIFI-10321
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.17.0
> Environment: CentOS 8, NIFI 1.17.0, Keycloak 19.0.1
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.18.0
>
> Attachments: 截屏2022-08-05 13.31.47.png
>
>
> I follow
> [https://bryanbende.com/development/2021/02/17/apache-nifi-saml-keycloak] to
> config nifi 1.17.0. NIFI can login successful with SAML Authentication with
> Keycloak 19.0.1. But when nifi times out with SAML session. NIFI UI gives the
> following error.
> {code:java}
> Unauthorized error="invalid_token", error_description="An error occurred
> while attempting to decode the Jwt: Expired JWT",
> error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (NIFI-10321) invalid_token error after SAML session timeout
macdoor615 created NIFI-10321:
-
Summary: invalid_token error after SAML session timeout
Key: NIFI-10321
URL: https://issues.apache.org/jira/browse/NIFI-10321
Project: Apache NiFi
Issue Type: Bug
Components: Core UI
Affects Versions: 1.17.0
Environment: CentOS 8, NIFI 1.17.0, Keycloak 19.0.1
Reporter: macdoor615
Fix For: 1.18.0
Attachments: 截屏2022-08-05 13.31.47.png
I follow
[https://bryanbende.com/development/2021/02/17/apache-nifi-saml-keycloak] to
config nifi 1.17.0. NIFI can login successful with SAML Authentication with
Keycloak 19.0.1. But when nifi times out with SAML session. NIFI UI gives the
following error.
{code:java}
Unauthorized error="invalid_token", error_description="An error occurred while
attempting to decode the Jwt: Expired JWT",
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-4983) JsonTreeReader and JsonPathReader should utilize specified date/time/timestamp format when used from ValidateRecord
[ https://issues.apache.org/jira/browse/NIFI-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17522739#comment-17522739 ] macdoor615 commented on NIFI-4983: -- this feature is useful > JsonTreeReader and JsonPathReader should utilize specified > date/time/timestamp format when used from ValidateRecord > --- > > Key: NIFI-4983 > URL: https://issues.apache.org/jira/browse/NIFI-4983 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Koji Kawamura >Assignee: Derek Straka >Priority: Major > Attachments: NIFI-4983.xml > > > Similar to CSVRecordReader, JSON readers should utilize specified date format > for Record validation. > JsonPathRowRecordReader.convert(final Object value, final DataType dataType) > is called when coerceTypes is false. But the method currently does not > convert String values for Date/Time/Timestamp field types at all. The method > should try convert like CSVRecordReader does. Without doing so, > ValidateRecord routes any records validated against a record schema having > Date/Time/Timestamp fields to 'invalid' relationship. > https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/json/JsonPathRowRecordReader.java#L138 > A NiFi template file to illustrate the issue is attached. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (NIFI-9415) GetSNMP processor can accept input connection
macdoor615 created NIFI-9415: Summary: GetSNMP processor can accept input connection Key: NIFI-9415 URL: https://issues.apache.org/jira/browse/NIFI-9415 Project: Apache NiFi Issue Type: Improvement Components: Core Framework Affects Versions: 1.15.0 Reporter: macdoor615 Fix For: 1.16.0 Attachments: 截屏2021-11-27 上午12.33.51.png, 截屏2021-11-27 上午12.35.29-1.png We need to poll snmp data from a lot of device and device list change frequently. It is impossible to deploy a lot GetSNMP processor with fixed "SNMP Agent Hostname" We want GetSNMP processor can accept input connection, "SNMP Agent Hostname" attribute can support expression language and change dynamically. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (NIFI-7033) wrong redirect from login/logout page when behind a custom url prefix/context
[
https://issues.apache.org/jira/browse/NIFI-7033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17381131#comment-17381131
]
macdoor615 commented on NIFI-7033:
--
I upgrade to 1.14.0. same problem
> wrong redirect from login/logout page when behind a custom url prefix/context
> -
>
> Key: NIFI-7033
> URL: https://issues.apache.org/jira/browse/NIFI-7033
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
>Affects Versions: 1.10.0
> Environment: NiFi official Docker Container, behind HAProxy, RHEL
> 7.6, Docker 18.06.0-ce
>Reporter: Rastislav Krist
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Login/logout pages don't redirect properly when NiFi is deployed on a custom
> URL prefix (context). For example when deploying NiFi on custom URL like
> [https://nifi-host/mynifi|https://nifi-host/mynifi,] (using HAPROXY, setting
> nifi.web.proxy.host=mynifi), UI works perfectly (via
> [https://nifi-host/mynifi/nifi/|https://nifi-host/mynifi,]). Problem is with
> login/logout pages, which both don't seem to honor X-ProxyContextPath and
> after successfull login/logout they both redirect to
> [https://nifi-host/nifi|https://nifi-host/mynifi,].
> After some investigations made, the problem on login page seems to be in
> nf-login.js containing hardcoded url in lines 121-125:
> {code:java}
> if (accessStatus.status === 'ACTIVE') {
> // reload as appropriate - no need to schedule token refresh as the page
> is reloading
> if (top !== window) {
> parent.window.location = '/nifi';
> } else {
> window.location = '/nifi';
> }
> } else {
> ...
> {code}
> where on logout page, redirect url is composed purely using
> HttpServletResponse in LogoutFilter.java, 53 (without examining
> X-ProxyContextPath):
> {code:java}
> ((HttpServletResponse) response).sendRedirect("login");
> {code}
> Found a similar issue with OpenID fixed few version ago, I am not sure if it
> is somehow related: NIFI-5237
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (NIFI-8331) PutHDFS sometime complain "File does not exist" and lost file
[
https://issues.apache.org/jira/browse/NIFI-8331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 resolved NIFI-8331.
--
Fix Version/s: 1.13.2
Resolution: Fixed
I upgrade to 1.13.2. the problem disppear. it maybe related to
https://issues.apache.org/jira/browse/NIFI-8337
> PutHDFS sometime complain "File does not exist" and lost file
> -
>
> Key: NIFI-8331
> URL: https://issues.apache.org/jira/browse/NIFI-8331
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.13.1
> Environment: nifi 1.13.1
> Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
> 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
> openjdk version "1.8.0_282"
> OpenJDK Runtime Environment (build 1.8.0_282-b08)
> OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
> Hadoop 3.3.0
> 2 name node
> 4 data node
>Reporter: macdoor615
>Priority: Major
> Fix For: 1.13.2
>
>
> # upgrade to nifi 1.13.1 from 1.13.0, and run same flow.xml.gz
> # PutHDFS sometime complain "File does not exist" and lost file, throw
> {code:java}
> 2021-03-17 11:21:04,443 WARN [Thread-919036]
> org.apache.hadoop.hdfs.DataStreamer DataStreamer Exception
> java.io.FileNotFoundException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1020)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:948)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2952)
> at sun.reflect.GeneratedConstructorAccessor197.newInstance(Unknown Source)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> at
> org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:121)
> at
> org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:88)
> at org.apache.hadoop.hdfs.DFSOutputStream.addBlock(DFSOutputStream.java:1093)
> at
> org.apache.hadoop.hdfs.DataStreamer.locateFollowingBlock(DataStreamer.java:1867)
> at
> org.apache.hadoop.hdfs.DataStreamer.nextBlockOutputStream(DataStreamer.java:1669)
> at org.apache.hadoop.hdfs.DataStreamer.run(DataStreamer.java:715)
> Caused by: org.apache.hadoop.ipc.RemoteException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
>
[jira] [Commented] (NIFI-8331) PutHDFS sometime complain "File does not exist" and lost file
[
https://issues.apache.org/jira/browse/NIFI-8331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17303586#comment-17303586
]
macdoor615 commented on NIFI-8331:
--
I didn't stop PutHDFS when I stop 1.13.0. Maybe something wrong during
upgrade?
> PutHDFS sometime complain "File does not exist" and lost file
> -
>
> Key: NIFI-8331
> URL: https://issues.apache.org/jira/browse/NIFI-8331
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.13.1
> Environment: nifi 1.13.1
> Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
> 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
> openjdk version "1.8.0_282"
> OpenJDK Runtime Environment (build 1.8.0_282-b08)
> OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
> Hadoop 3.3.0
> 2 name node
> 4 data node
>Reporter: macdoor615
>Priority: Major
>
> # upgrade to nifi 1.13.1 from 1.13.0, and run same flow.xml.gz
> # PutHDFS sometime complain "File does not exist" and lost file, throw
> {code:java}
> 2021-03-17 11:21:04,443 WARN [Thread-919036]
> org.apache.hadoop.hdfs.DataStreamer DataStreamer Exception
> java.io.FileNotFoundException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1020)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:948)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2952)
> at sun.reflect.GeneratedConstructorAccessor197.newInstance(Unknown Source)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> at
> org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:121)
> at
> org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:88)
> at org.apache.hadoop.hdfs.DFSOutputStream.addBlock(DFSOutputStream.java:1093)
> at
> org.apache.hadoop.hdfs.DataStreamer.locateFollowingBlock(DataStreamer.java:1867)
> at
> org.apache.hadoop.hdfs.DataStreamer.nextBlockOutputStream(DataStreamer.java:1669)
> at org.apache.hadoop.hdfs.DataStreamer.run(DataStreamer.java:715)
> Caused by: org.apache.hadoop.ipc.RemoteException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
> at
[jira] [Commented] (NIFI-8331) PutHDFS sometime complain "File does not exist" and lost file
[
https://issues.apache.org/jira/browse/NIFI-8331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17303578#comment-17303578
]
macdoor615 commented on NIFI-8331:
--
when I upgrade to 1.13.1. I moved *repository and state folder from 1.13.0 to
1.13.1
> PutHDFS sometime complain "File does not exist" and lost file
> -
>
> Key: NIFI-8331
> URL: https://issues.apache.org/jira/browse/NIFI-8331
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.13.1
> Environment: nifi 1.13.1
> Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
> 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
> openjdk version "1.8.0_282"
> OpenJDK Runtime Environment (build 1.8.0_282-b08)
> OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
> Hadoop 3.3.0
> 2 name node
> 4 data node
>Reporter: macdoor615
>Priority: Major
>
> # upgrade to nifi 1.13.1 from 1.13.0, and run same flow.xml.gz
> # PutHDFS sometime complain "File does not exist" and lost file, throw
> {code:java}
> 2021-03-17 11:21:04,443 WARN [Thread-919036]
> org.apache.hadoop.hdfs.DataStreamer DataStreamer Exception
> java.io.FileNotFoundException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1020)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:948)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2952)
> at sun.reflect.GeneratedConstructorAccessor197.newInstance(Unknown Source)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> at
> org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:121)
> at
> org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:88)
> at org.apache.hadoop.hdfs.DFSOutputStream.addBlock(DFSOutputStream.java:1093)
> at
> org.apache.hadoop.hdfs.DataStreamer.locateFollowingBlock(DataStreamer.java:1867)
> at
> org.apache.hadoop.hdfs.DataStreamer.nextBlockOutputStream(DataStreamer.java:1669)
> at org.apache.hadoop.hdfs.DataStreamer.run(DataStreamer.java:715)
> Caused by: org.apache.hadoop.ipc.RemoteException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
> at
[jira] [Updated] (NIFI-8331) PutHDFS sometime complain "File does not exist" and lost file
[
https://issues.apache.org/jira/browse/NIFI-8331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-8331:
-
Environment:
nifi 1.13.1
Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
openjdk version "1.8.0_282"
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
Hadoop 3.3.0
2 name node
4 data node
was:
nifi 1.13.1
Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
openjdk version "1.8.0_282"
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
> PutHDFS sometime complain "File does not exist" and lost file
> -
>
> Key: NIFI-8331
> URL: https://issues.apache.org/jira/browse/NIFI-8331
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.13.1
> Environment: nifi 1.13.1
> Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
> 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
> openjdk version "1.8.0_282"
> OpenJDK Runtime Environment (build 1.8.0_282-b08)
> OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
> Hadoop 3.3.0
> 2 name node
> 4 data node
>Reporter: macdoor615
>Priority: Major
>
> # upgrade to nifi 1.13.1 from 1.13.0, and run same flow.xml.gz
> # PutHDFS sometime complain "File does not exist" and lost file, throw
> {code:java}
> 2021-03-17 11:21:04,443 WARN [Thread-919036]
> org.apache.hadoop.hdfs.DataStreamer DataStreamer Exception
> java.io.FileNotFoundException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1020)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:948)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2952)
> at sun.reflect.GeneratedConstructorAccessor197.newInstance(Unknown Source)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> at
> org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:121)
> at
> org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:88)
> at org.apache.hadoop.hdfs.DFSOutputStream.addBlock(DFSOutputStream.java:1093)
> at
> org.apache.hadoop.hdfs.DataStreamer.locateFollowingBlock(DataStreamer.java:1867)
> at
> org.apache.hadoop.hdfs.DataStreamer.nextBlockOutputStream(DataStreamer.java:1669)
> at org.apache.hadoop.hdfs.DataStreamer.run(DataStreamer.java:715)
> Caused by: org.apache.hadoop.ipc.RemoteException: File does not exist:
> /data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
> (inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65,
> pending creates: 1]
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
> at
>
[jira] [Created] (NIFI-8331) PutHDFS sometime complain "File does not exist" and lost file
macdoor615 created NIFI-8331:
Summary: PutHDFS sometime complain "File does not exist" and lost
file
Key: NIFI-8331
URL: https://issues.apache.org/jira/browse/NIFI-8331
Project: Apache NiFi
Issue Type: Bug
Components: Extensions
Affects Versions: 1.13.1
Environment: nifi 1.13.1
Linux hb3-prod-gem-bnpmp-001 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3
15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
openjdk version "1.8.0_282"
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
Reporter: macdoor615
# upgrade to nifi 1.13.1 from 1.13.0, and run same flow.xml.gz
# PutHDFS sometime complain "File does not exist" and lost file, throw
{code:java}
2021-03-17 11:21:04,443 WARN [Thread-919036]
org.apache.hadoop.hdfs.DataStreamer DataStreamer Exception
java.io.FileNotFoundException: File does not exist:
/data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
(inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65, pending
creates: 1]
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
at
org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
at
org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
at
org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
at
org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
at
org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
at
org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1020)
at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:948)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2952)
at sun.reflect.GeneratedConstructorAccessor197.newInstance(Unknown Source)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at
org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:121)
at
org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:88)
at org.apache.hadoop.hdfs.DFSOutputStream.addBlock(DFSOutputStream.java:1093)
at
org.apache.hadoop.hdfs.DataStreamer.locateFollowingBlock(DataStreamer.java:1867)
at
org.apache.hadoop.hdfs.DataStreamer.nextBlockOutputStream(DataStreamer.java:1669)
at org.apache.hadoop.hdfs.DataStreamer.run(DataStreamer.java:715)
Caused by: org.apache.hadoop.ipc.RemoteException: File does not exist:
/data/ftp/BAOMIHUIYI/B200/POID-00083/.100141_B200_141_202103170800_202103170900.txt
(inode 152965963) [Lease. Holder: DFSClient_NONMAPREDUCE_360664168_65, pending
creates: 1]
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease(FSNamesystem.java:3050)
at
org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.analyzeFileState(FSDirWriteFileOp.java:610)
at
org.apache.hadoop.hdfs.server.namenode.FSDirWriteFileOp.validateAddBlock(FSDirWriteFileOp.java:171)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getAdditionalBlock(FSNamesystem.java:2927)
at
org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.addBlock(NameNodeRpcServer.java:908)
at
org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.addBlock(ClientNamenodeProtocolServerSideTranslatorPB.java:593)
at
org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
at
org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:532)
at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1020)
at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:948)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2952)
at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1562)
at
[jira] [Updated] (NIFI-8237) PutDatabaseRecord can not insert into mysql table with TEXT column
[
https://issues.apache.org/jira/browse/NIFI-8237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-8237:
-
Description:
1. create table on mysql server
{code:java}
CREATE TABLE tmp_text (
ver varchar(10) NULL,
richtext text NULL
) ;{code}
2. insert data into table with PutDatabaseRecord processor , raise error
{code:java}
2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3]
o.a.n.p.standard.PutDatabaseRecord
PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put
Records to database for
StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default,
section=8], offset=87073,
length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing
to failure.: java.lang.NullPointerException
java.lang.NullPointerException: null
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487)
at
org.pache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
at
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173)
at
org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214)
at
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{code}
3. downgrade to Nifi 1.12.1, no error, data inserted into table
4. change TEXT column to VARCHAR, no error
was:
1. create table on mysql server
{code:java}
CREATE TABLE tmp_text (
ver varchar(10) NULL,
richtext text NULL
) ;{code}
2. insert data into table with PutDatabaseRecord processor , raise error
{code:java}
2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3]
o.a.n.p.standard.PutDatabaseRecord
PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put
Records to database for
StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default,
section=8], offset=87073,
length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing
to failure.: java.lang.NullPointerException
java.lang.NullPointerException: null
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487)
at
org.pache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
at
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173)
at
org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214)
at
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
[jira] [Updated] (NIFI-8237) PutDatabaseRecord can not insert into mysql table with TEXT column
[
https://issues.apache.org/jira/browse/NIFI-8237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-8237:
-
Description:
1. create table on mysql server
{code:java}
CREATE TABLE tmp_text (
ver varchar(10) NULL,
richtext text NULL
) ;{code}
2. insert data into table with PutDatabaseRecord processor , raise error
{code:java}
2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3]
o.a.n.p.standard.PutDatabaseRecord
PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put
Records to database for
StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default,
section=8], offset=87073,
length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing
to failure.: java.lang.NullPointerException
java.lang.NullPointerException: null
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487)
at
org.pache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
at
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173)
at
org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214)
at
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{code}
3. downgrade to Nifi 1.12.1, no error, data inserted into table
4. change TEXT column to VARCHAR, no error
was:
1. create table on mysql server
CREATE TABLE tmp_text (
ver varchar(10) NULL,
richtext text NULL
) ;
2. insert data into table with PutDatabaseRecord processor , raise error
{{2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3]
o.a.n.p.standard.PutDatabaseRecord
PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put
Records to database for
StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default,
section=8], offset=87073,
length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing
to failure.: java.lang.NullPointerException}}
{{java.lang.NullPointerException: null}}
{{at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181)}}
{{at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152)}}
{{at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148)}}
{{at
org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707)}}
{{at
org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838)}}
{{at
org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487)}}
{{at
org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)}}
{{at
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173)}}
{{at
org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214)}}
{{at
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)}}
{{at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)}}
{{at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)}}
{{at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)}}
{{at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)}}
{{at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)}}
{{at
[jira] [Updated] (NIFI-8237) PutDatabaseRecord can not insert into mysql table with TEXT column
[
https://issues.apache.org/jira/browse/NIFI-8237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
macdoor615 updated NIFI-8237:
-
Description:
1. create table on mysql server
CREATE TABLE tmp_text (
ver varchar(10) NULL,
richtext text NULL
) ;
2. insert data into table with PutDatabaseRecord processor , raise error
{{2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3]
o.a.n.p.standard.PutDatabaseRecord
PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put
Records to database for
StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default,
section=8], offset=87073,
length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing
to failure.: java.lang.NullPointerException}}
{{java.lang.NullPointerException: null}}
{{at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181)}}
{{at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152)}}
{{at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148)}}
{{at
org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707)}}
{{at
org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838)}}
{{at
org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487)}}
{{at
org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)}}
{{at
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173)}}
{{at
org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214)}}
{{at
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)}}
{{at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)}}
{{at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)}}
{{at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)}}
{{at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)}}
{{at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)}}
{{at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)}}
{{at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)}}
{{at java.lang.Thread.run(Thread.java:748)}}
3. downgrade to Nifi 1.12.1, no error, data inserted into table
4. change TEXT column to VARCHAR, no error
was:
1. create table on mysql server
CREATE TABLE tmp_text (
ver varchar(10) NULL,
richtext text NULL
) ;
2. insert data into table with PutDatabaseRecord processor , raise error
2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3]
o.a.n.p.standard.PutDatabaseRecord
PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put
Records to database for
StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default,
section=8], offset=87073,
length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing
to failure.: java.lang.NullPointerException
java.lang.NullPointerException: null
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152)
at
org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838)
at
org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487)
at
org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
at
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173)
at
org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214)
at
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at
[jira] [Created] (NIFI-8237) PutDatabaseRecord can not insert into mysql table with TEXT column
macdoor615 created NIFI-8237: Summary: PutDatabaseRecord can not insert into mysql table with TEXT column Key: NIFI-8237 URL: https://issues.apache.org/jira/browse/NIFI-8237 Project: Apache NiFi Issue Type: Bug Components: Extensions Affects Versions: 1.13.0 Environment: Linux hb3-prod-gem-svc1-001 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux openjdk version "1.8.0_282" OpenJDK Runtime Environment (build 1.8.0_282-b08) OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode) Reporter: macdoor615 1. create table on mysql server CREATE TABLE tmp_text ( ver varchar(10) NULL, richtext text NULL ) ; 2. insert data into table with PutDatabaseRecord processor , raise error 2021-02-19 00:43:04,424 ERROR [Timer-Driven Process Thread-3] o.a.n.p.standard.PutDatabaseRecord PutDatabaseRecord[id=b54f68de-0177-1000-917a-119d1bd6f5bf] Failed to put Records to database for StandardFlowFileRecord[uuid=3ad1b100-5661-4988-a21b-795b24cc5222,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1613666502360-8, container=default, section=8], offset=87073, length=17],offset=0,name=3ad1b100-5661-4988-a21b-795b24cc5222,size=17]. Routing to failure.: java.lang.NullPointerException java.lang.NullPointerException: null at org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:181) at org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:152) at org.apache.nifi.serialization.record.util.DataTypeUtils.convertType(DataTypeUtils.java:148) at org.apache.nifi.processors.standard.PutDatabaseRecord.executeDML(PutDatabaseRecord.java:707) at org.apache.nifi.processors.standard.PutDatabaseRecord.putToDatabase(PutDatabaseRecord.java:838) at org.apache.nifi.processors.standard.PutDatabaseRecord.onTrigger(PutDatabaseRecord.java:487) at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27) at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1173) at org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:214) at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117) at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) 3. downgrade to Nifi 1.12.1, no error, data inserted into table 4. change TEXT column to VARCHAR, no error -- This message was sent by Atlassian Jira (v8.3.4#803005)
