Re: Legacy Authorized Users File approach not working?

Russell, I would not recommend the Legacy Authorized Users approach in 1.x. It does work, but the authorizations model in 1.x is bigger than it was in 0.x, and the simple conversion will not provide all that you need. I recommend using the Initial Admin Identity, then configuring groups and

Re: NiFi compilation error - master & 1.1.x branch

Andrew, What version of Java are using? Oracle or OpenJDK, 8 or 9, etc.? Also which branch are you building from? It looks like it's building 1.1.1-SNAPSHOT but I am not aware of any branch that has that as the version. It built for me fine from the latest master (version 1.2.0-SNAPSHOT) and

Re: [VOTE] Release Apache NiFi 1.1.1 (RC1)

+1 (non-binding) * zip signature verifies and hashes match * builds fine (after I un-broke my dev environment) * README, NOTICE, and LICENSE files look good in source * git commit ID and RC branch look good * build runs as expected On Wed, Dec 21, 2016 at 2:47 PM, Bryan Bende

NiFi compilation error - master & 1.1.x branch

Hi All, Trying to compile NiFi. It keeps failing in the nifi-scripting-processors project. Tried repeated clean builds. This is on a Ubuntu 14.04 box. Ideas? Here's the full build output: nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors$ mvn install [INFO] Scanning for

Re: OCSP validation not happening for cluster servers

Matt, Sorry, the confusion about where it was supported is entirely mine. Thanks again for the help! Joe On Wed, Dec 21, 2016 at 4:58 PM, Matt Gilman wrote: > Joe, > > Just to be completely clear. It was only ever offered for the REST API. I > don't believe that is

Re: OCSP validation not happening for cluster servers

Joe, Just to be completely clear. It was only ever offered for the REST API. I don't believe that is broken. I verified that we can introduce it in other places using the built-in Java capabilities. Because of that, I think we can remove the legacy verification. Yes, all SSL traffic should

Re: OCSP validation not happening for cluster servers

Matt, Thanks for digging into this. Since it's verified to be broken in the current releases, I'll call off the folks trying to test it on our end. After these changes will all SSL traffic for the Web UI, REST API, Site-to-Site, and Clustering support OCSP? Thanks, Joe On Wed, Dec 21, 2016 at

Re: OCSP validation not happening for cluster servers

Joe, I was able to successfully verify revoked certificates for clients and nodes joining the cluster. This did require some code changes. Specifically, the changes you were suggesting (PKIXBuilderParameters.setRevocationEnabled and the ocsp.enabled Security property). I think the best path

Re: [VOTE] Release Apache NiFi 1.1.1 (RC1)

+1 binding. built and tested on CentOS OpenJDK 8 Had a few initial issues getting to building with -T 2.0C but once completed NiFi seems to work On Tue, Dec 20, 2016 at 9:35 AM, Joe Percivall < joeperciv...@yahoo.com.invalid> wrote: > Hello Apache NiFi Community, > > I am pleased to be calling

Re: [VOTE] Release Apache NiFi 1.1.1 (RC1)

+1 (non-binding) - Full contrib-check build on OSX - Tested few workflows on a secured standalone instance 2016-12-21 7:54 GMT+01:00 Koji Kawamura : > +1 (non-binding) > > - Built and tested on OSX with contrib-check. > - Ran followings with