I agree, the Controller Service needs to be enhanced to support rotating
SAS tokens. I know of a few users that have run into this exact problem.
Technically, it should possible to write a custom implementation of
the ADLSCredentialsService API that did this, but it would be ideal if NiFi
Hi David,
Are you using nested versioned process groups, i.e., does the PG you
version control in Step 3 contain a nested PG that is independently
versioned?
If you configure the GitFlowPersisence provider for a brand new / empty
registry, it should pull the metadata for buckets from git on
dataflow manager or a developer inadvertently right click and
> select “start” on the root canvas page, that will start all the components
> in the child process groups.
>
> Thanks
>
> Deepak
>
> *[image: image005]*
>
> *Deepak Reddy* | Data Engineer
> IT Centers of Excellen
Hi Dave,
I understand the type of auto-user registration for authenticated users
that you're describing, which a lot of OIDC-based web apps support.
Unfortunately, NiFi cannot support that at this time. It would be a cool
feature. It's not impossible that NiFi could support it one day. We would
to review all
>> changes in production before committing so that I am not accidentally
>> committing untested “workarounds” that got me out of trouble this morning
>> but would not like to persist in the code base.
>>
>>
>>
>> *Steve Hindmarch*
>>
&
art all the components
> in the child process groups.
>
> Thanks
>
> Deepak
>
> *[image: image005]*
>
> *Deepak Reddy* | Data Engineer
> IT Centers of Excellence
> 13736 Riverport Dr., Maryland Heights, MO 63043
>
>
>
> *From:* Kevin Doran
> *Sen
age005]*
>
> *Deepak Reddy* | Data Engineer
> IT Centers of Excellence
> 13736 Riverport Dr., Maryland Heights, MO 63043
>
>
>
> *From:* Kevin Doran
> *Sent:* Friday, December 9, 2022 9:33 AM
> *To:* users@nifi.apache.org
> *Subject:* [EXTERNAL] Re: Disabling
Yep, was just about to say the same. NiFi 1.14.0 does not run on Java 17,
but recent versions of NiFi do. So either move to a NiFi >= 1.16.3 which
does support on Java 17, or else downgrade Java to 8 or 11.
On Dec 13, 2022 at 10:47:00, Joe Witt wrote:
> We support 8, 11, and 17 now. As far as
Hi Deepak,
So far, we have been honoring the following policy for what constitutes a
change in version control:
- stopped/started does not count as a "local change"
- enabled/disabled does count as a change, and that state is captured in
the flow snapshot json version saved to
I believe as soon as this is merged Joe Witt is planning to prepare the
1.19.1 RC candidate and open the vote. We should have a release by next
week unless something comes up
On Dec 1, 2022 at 07:44:29, josef.zahn...@swisscom.com wrote:
> Hi Bence
>
>
>
> Ok got it, thanks a lot, So we will
with little more than environment variables, etc.
>
>
> [1] https://gist.github.com/ChrisSamo632/813fdfec45f1e0e28c674b133f036811
>
> ---
> *Chris Sampson*
> IT Consultant
> chris.samp...@naimuri.com
>
>
> On Thu, 29 Sept 2022 at 01:21, Kevin Doran wrote:
&
tail" of the "nifi-app.log" file (as we no longer have that file in our
> config and the logback.xml sends everything to StdOut anyway).
>
>
>
>
> [1] https://gist.github.com/ChrisSamo632/813fdfec45f1e0e28c674b133f036811
>
> ---
> *Chris Sampson*
> IT Consultant
&g
y need to update the logging for the appender writing to
> the bootstrap file:
> class="ch.qos.logback.core.rolling.RollingFileAppender”>
>
> And redirect that to standard out
>
> Thanks
> -Mark
>
>
> On Sep 28, 2022, at 9:48 AM, Kevin Doran wrote:
>
> Dylan - I l
Dylan - I looked into this and am yet unable to offer an explaination.
Perhaps others that are familiar with how org.apache.nifi.StdOut can shed
some light, or else I will keep digging when I have a block of time. To
help in my understanding: Which Docker image are you using? Is it the
apace/nifi
Hi Valentina,
I've not tried this myself, so I cannot be sure it is a solution here, but
have you tried generating a Google App Password [1] for the Gmail account
to use in NiFi in place of the user password?
I'm not sure if it is a drop-in replacement or not, but worth trying to see
if it
a del
> Lavoro 67
>
> www.dedagroup.it/public-services
>
>
>
> <http://www.dedagroup.it/home>
>
>
>
> *Da:* Kevin Doran
> *Inviato:* mercoledì 2 marzo 2022 16:39
> *A:* users@nifi.apache.org
> *Oggetto:* Re: How to see the request header creat
Hi Luca,
Based on looking at the code here [1], I believe you need to enable
debug-level logging for this logger:
org.apache.nifi.processors.standard.InvokeHTTP
Instructions for changing log level for individual component loggers can be
found here [2]. (Ignore the part about attaching a remote
eption: Flow
> controller TLS configuration is invalid
>
>
>
>
> *Jean-Sébastien Vachon *
> Co-Founder & Architect
>
>
> *Brizo Data, Inc. www.brizodata.com
> <https://outlook.office365.com/mail/options/mail/messageContent/www.brizodata.com>
> *
> -
There have been some changes recently, and NiFi is now secure by default
with a self-signed cert I believe. It could be that NIFI_WEB_HTTP_PORT
conflicts with the expected NIFI_WEB_HTTPS_PORT.
Try this:
nifi:
image: apache/nifi:latest
ports:
- "8443:8443" # UI
- "1"
Seems like a nice improvement. I would lean towards introducing the
RetryableLookupFailureException. At the same time, I think we should add catch
blocks for more specific subclasses of SQLException, such as
SQLTransientException, which would also trigger a
RetryableLookupFailureException
Hi Tony,
The typical approach I have seen is to allow NiFi to authenticate to NiFi
Registry using a client certificate. This can be achieved alongside LDAP
authentication by configuring NiFi Registry using a
ConfiguableCompositeUserGroupProvider, with a FileUserGroupProvider to manage
Hi, Darren -
I am not aware of a method of running a full NiFi instance directly in
IntelliJ, but I use the method Matt mentioned: attaching IntelliJ as a remote
debugger to a running NiFi instance.
I put together a guide a few years back for folks unfamiliar with this process
or new to
Hi,
Your understanding is correct: In order to get the connections you want, NGINX
will have to be recognized by NiFi as an authorized proxy. The client
certificate DN will be used for each request, provided NGINX terminates that
TLS connection from the client and passes the DN of the
Jeff, you were a fantastic collaborator and friend. You will be dearly missed.
Thank you for all your contributions, and for all you’ve shown and taught me
over the years. You’ve left behind a great legacy that will continue to have a
positive impact on the world for years to come, not just
Hi Daniel,
This is unexpected, and I’ve never heard of someone experiencing the behavior
you describe until now.
NiFi does allow multiple, simultaneous connections from different users without
any special configuration to enable that.
Can you share some details about your NiFi version and
I’ve always thought along the lines Otto suggests, that eventually, given some
way of formatting the diff, there would also be some visual tool in the
ecosystem that would help visualize that diff and could be used specifically in
the context of reviewing/merging changes.
Lots of good
This is a very good question, and Pierre gives a good summary of how
to go about solving for it.
Essentially, you need to configure NiFi Registry for how to know about
the users and groups that will be passed to it. That is the
authorizers.xml file Pierre mentioned. There are two options for a
Swarup,
First, thanks for the great email. Nice job troubleshooting this and
sharing your findings with the community.
I'm more familiar with how these types of things get configured on
NiFi Registry than NiFi, so I'm not as much help as others. But I did
take a look and one thing I noticed was
xplain the user what
is wrong.
But I'm only a user ;-) (a little grumpy, this morning, indeed)
Le 04/09/2019 à 18:59, Kevin Doran a écrit :
> Hi Nicolas,
>
> Is it possible you changed the initial admin identity at some point?
> If so, you will need to delete authorizations.xml and
Hi Nicolas,
Is it possible you changed the initial admin identity at some point?
If so, you will need to delete authorizations.xml and restart NiFi
Registry to allow it to be recreated with the new initial admin.
Also, nifi registry never allows modifying the permissions for the
current user.
My apologies, the link I sent in my last message [1] may not be
accessible unless you are signed into Jira. If you cannot view that
link, see [2].
[2]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020=12345213
On Tue, Apr 2, 2019 at 1:18 PM Kevin Doran wrote
For what it's worth, v1.9.2 is going to include a number of bug fixes
in addition to NIFI-6150. While the other bugs are not nearly as
critical (depending on your usage of NiFi), all the more the reason to
upgrade to 1.9.2 rather than patching a 1.9.1 install. For a full list
of what's been
: Kevin Doran
Sent: Thursday, March 28, 2019 4:00 PM
To: users@nifi.apache.org
Subject: Re: NiFi registry - encrypt providers.xml?
Yeah sorry, I should have specified that your ssh key needs to be password-less
for this to work (your suspicion was correct!). So we recommend doing that and
securing
> Thanks,
>
> Dave
>
>
>
> -Original Message-
> From: Kevin Doran
> Sent: Thursday, March 28, 2019 12:20 PM
> To: users@nifi.apache.org
> Subject: Re: NiFi registry - encrypt providers.xml?
>
> This is not possible at this time. We recommend configurin
This is not possible at this time. We recommend configuring your git
repo so that the remote and push using ssh key pairs of the NiFi
Registry run-as user and protecting the private key on disk. in other
words, if on the linux host as the user that nifi registry runs as,
you should be able to push
Hello,
The IdentityAccessException indicates that the NiFi server did successfully
receive and recognize LDAP username and password credentials in the
request, but was unable to communicate with the LDAP server in order to
authenticate them. The nested exception "socket closed" does not give a
How many users and groups do you expect to sync? Are you able to test
your search base and filter are correct using a command line tool such
as ldapsearch? I'm not sure if a search filter is required (although
it would probably fail with an error if it was), but maybe try setting
a "match all"
Chad,
I wanted to echo Bryan and say thanks for sharing the details of an
upgrade process that works. Until we have improved NiFi to handle the
upgrades regardless of order of steps, this is a helpful reference for
the community for a sequence that can work.
Cheers,
Kevin
On Tue, Mar 19, 2019
ocker-compose/blob/master/docker-compose-registry.yml
> >>
> >>
> >> I can't remember if I kept the LDAP docker container referenced in it,
> >> but you should be able to look at it and figure out how to link everything
> >> up from that with Docker Co
Hi Tom,
Given that you are getting a Connection refused exception and not an HTTP 401
or 403, I suspect that the problem is networking related and not
authentication/authorization.
Are the two docker containers on the same docker network? Can you resolve/ping
the Registry container from the
policy so they don't lose access to their own
> application? Does NiFi keep that information?
>
> Thanks,
> Chad
>
> On Fri, Feb 15, 2019 at 2:02 PM Kevin Doran wrote:
>
> > Hi Chad,
> >
> > I've never done this, but if I were to go about it I would create a
Hi Chad,
I've never done this, but if I were to go about it I would create a
script / cron job to poll the NiFi REST API [1] periodically, and upon
detection of a new "Application PG", create the corresponding policies
in Ranger via its REST API [2].
You'll have to create service accounts in
run the sync less
frequently if you are worried about background processing or load on your AD
server.
Cheers,
Kevin
> BR,
> Tom
>
> On Wed, 13 Feb 2019, 15:29 Kevin Doran >
> > Hi Tom,
> >
> > How are you configuring the various config files? Through t
Hi Tom,
Are you using the apache/nifi-registry image or a custom image for this?
Have you configured TLS?
Can you share your complete conf dir (removing sensitive values such as
password or domains)?
Thanks,
Kevin
On February 7, 2019 at 05:57:37, Tomislav Novosel (to.novo...@gmail.com)
e pushed
> out? Basically
> the "bad thing" is already embedded in the change history of the flow?
>
> Russ Weiher
> BI CI Solutions Architect
> Progenity, Inc.
>
>
> -Original Message-
> From: Kevin Doran [mailto:kdo...@apache.org]
upId": "1116ed97-c7f7-3776-a2c4-82c5e7fd298d"
> },
> {
> "componentId": "cc69de3d-623b-3e43-9e9f-6d2b47ed7bdd",
> "componentName": "ExtractText",
> "componentType": "Processor",
> "differences": [
> {
>
oncurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
>
>
> Russ
Sorry, forgot to add -- can you include the full stack trace for the
IllegalStateException as well? It should be in the nifi-app.log file.
Thanks,
Kevin
On January 10, 2019 at 11:13:33, Kevin Doran (kdo...@apache.org) wrote:
> Hi Russ,
>
> You mentioned you're using NiFi 1.6. Wha
Hi Russ,
You mentioned you're using NiFi 1.6. What version of NiFi Registry are you
running? Is the error message consistent?
What is the sequence of steps you are using to move the flow snapshot from DEV
to QA? Is it all through the NiFi UI (i.e., both environments are pointed to
the same
Hi Walter,
I could be mistaken, but my interpretation of the Trusted Hostname
configuration option is that it is designed to work with/in-addition-to the
truststore, not instead of a truststore as an alternative trust mechanism.
Basically, I think it is to be used in situations when the
any suggestion on this.
Regards,
Faisal
On Tue, Dec 4, 2018 at 1:49 AM Kevin Doran
mailto:kdoran.apa...@gmail.com>> wrote:
Hi Faisal,
It appears whatever is writing these date strings that you have for inputs is
writing microseconds, not milliseconds,
So when you are using `.SS
Hi Faisal,
It appears whatever is writing these date strings that you have for inputs is
writing microseconds, not milliseconds,
So when you are using `.SS`, that is, in this case `937000` microseconds
being interpreted by the expression language java parser as 937000 milliseconds
(15
a reverse proxy (Nginx)
in front of NiFi Registry to only pass mutation requests
(POST/PUT/DELETE) from dev NiFi hosts.
https://serverfault.com/questions/152745/nginx-proxy-by-request-method
Thanks,
Koji
On Tue, Nov 20, 2018 at 11:33 PM Kevin Doran
wrote:
>
I think Bryan’s correct that this makes a good feature request for Registry.
One idea is if you are able to set separate policies for production NiFi and
non-production NiFi, then you could limit the user policies to read only for
the NiFi canvas / process group and only allow a service account
users@nifi.apache.org
> Subject: Re: Nifi Registry + Git: target registry ignores git flows
>
>
>
> Assuming you have a dev DB & git repo and then a prod DB & git repo,
> each DB goes with the corresponding repo and has ids that are unique
> to the environment, so you
ot it now – I didn’t realize that you had to create a bucket
and empty flow in the ‘prd’ repository before you could import a version into
that flow. For some reason I thought ‘Import Flow’ would create the bucket and
flow if it didn’t already exist. Thanks for the help!
Dave
From: Kevin
59975-2683-4e84-91f5-f616bbed207a version 1 was not found in bucket
CleverGit:34658e23-c138-4085-9280-6359f322672d.
Am I going about this the wrong way? Should I just be using the default flow
persistence provider?
Thanks,
Dave
From: Kevin Doran
Sent: Saturday, September 8, 2018 1:54 PM
To: users@nifi.ap
Mike is correct – it is likely due to mismatch of metadata (bucket ids and flow
ids) in the two environments. The recommended way to move flow snapshots across
air-gapped environments at this time is and export/import with the NiFi CLI
[1], a tool included the NiFi Toolkit, which you can
issing. It's like the registry doesn't know what to do since we added that new
property.
So yeah, it very much knows something changed, but it just won't let us commit.
It doesn't even show that option.
Thanks,
Mike
On Fri, Aug 24, 2018 at 10:00 AM Kevin Doran
mailto:kdo...@apache.org>&
Hi Mike,
I’ve never seen this before. I have a few questions for you to help me
understand what could be going on:
1. When you say the custom processor got a new property, do you mean that
the custom processor was modified to include a new property definition, and
was recompiled/bundled and
ul and shows major shortcoming between the
> back end authentication between servers and front end ui authentication.
>
>
> We can't even considering putting it behind our identify reverse proxies
> because we can't turn off two way ssl.
>
>
> Thanks
>
> Shawnk
>
sorry forgot the link. here it is:
[1] https://issues.apache.org/jira/projects/NIFIREG/issues/NIFIREG-189
On Thu, Aug 9, 2018 at 11:47 AM, Kevin Doran wrote:
> Hi Curtis,
>
> This has come up a few times. Unfortunately I don’t think there is
> currently an easy way to disabl
Hi Curtis,
This has come up a few times. Unfortunately I don’t think there is
currently an easy way to disable X509-based identity extraction in NiFi
today. There is an open JIRA for the same issue in NiFi Registry [1]. NiFi
Registry follows the same AuthN/AuthZ design (and a fair amount of code)
Hi,
Glad to hear you are finding the NiFi Registry features useful. Regarding
your question, the “Remote Access User” and “Remote Access Password”
properties are only used when the remote URL is an HTTPS url. When it is an
SSH url, it is expected that password-less SSH has been configured on
Never seen that before - definitely odd. What platform are you running on?
Thanks,
Kevin
On Fri, Jul 20, 2018 at 1:58 PM, Geoff Craig wrote:
> Hello,
>
>
>
> I’m trying to run nifi-registry (0.2.0) using run.as in bootstrap.conf
> and the nifi-registry.sh run command is throwing this error:
Hi Mike,
Yes, this is expected behavior.
Let's say I have a PG A that has a nested versioned PG B, both are at
version 1. Because PG B is versioned, the full definition of PG A does not
extend down into PG B, it stops at a reference to "PG B:v1". Because PG B
is versioned independently, a
Hi Jean-Sébastien,
Sorry you’re running into trouble. NiFi can have a bit of a learning curve at
first, but once you are comfortable with the components it comes with and how
to use them effectively, it gets much faster to accomplish tasks such as your
example.
In general, don’t worry
There's a lot of great discussion on this thread.
I’ll add that if you intend to use NiFi Registry with NiFi (which has lot of
advantages, some of which have already been discussed), you’ll want to consider
what is going to work best with NiFi Registry and your flow
deployment/promotion
[answered on SO as well]
Kumar,
As of today, it is not currently possible to store data/objects in NiFi
Registry other than a NiFi Flow and its configuration (component properties,
default variable values, controller services, etc).
There have been discussions about extending NiFi Registry's
Hi Vitaly,
All releases are tagged as “rel/”, so you can see all tags by running
“git tag” and then use “git checkout ” to checkout the version you
want.
Cheers,
Kevin
From: Vitaly Krivoy
Reply-To:
Date: Thursday, June 28, 2018 at 11:54
To: "users@nifi.apache.org"
Subject: Checking out
Hi Boris,
Are those urls correct? It looks like the path and port are out of place, e.g.:
localhost:8011/admin
localhost:8011/info
-Kevin
From: Boris Tyukin
Reply-To:
Date: Thursday, June 14, 2018 at 16:26
To:
Subject: HandleHttpRequest and Allowed Paths
Hi,
I am
Thanks for the additional details. It sounds like you have already explored
alternatives quite a bit and have found the best path. :) Looks like Mark has
some good advice for making this flow manageable, so if this is working for
you, I’d take his suggestions where it makes sense and run with
Hi Martijn,
Can you share more about the details of what your DistributeLoad process group
is doing and how the 24 endpoints of the particular S3-compatible storage
service work? Are they fixed or could they change? Just hoping to understand
what are the constraints you have to work within.
On 6 June 2018 at 05:58, Kevin Doran wrote:
Whoops, in my example, disregard the class for the ldap-user-group-provider
(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider). I took
that snippet from one of my NiFi Registry configuration files, which is the
same as NiFi
that so it doesn’t
confuse anyone or you don’t copy/paste from my example.
From: Kevin Doran
Reply-To:
Date: Tuesday, June 5, 2018 at 23:52
To:
Subject: Re: LDAP/AD User groups
Hi Martijn,
You’re really close to having this configured correctly. Basically, you just
need to set a few more
Hi Martijn,
You’re really close to having this configured correctly. Basically, you just
need to set a few more Group properties in your ldap-user-group-provider config.
The way user and group loading works in NiFI:
The users are synced from LDAP using the “User Search *” (and related)
is documented as being and issue and the
recommendation is to follow one of the suggested practices to avoid issues such
as this one.
Cheers,
Ryan
On Mon, May 7, 2018 at 7:10 AM, Kevin Doran <kdo...@apache.org> wrote:
Hi Ryan,
I’ve never tried creating a template from a process group that was save
Hi Ryan,
I’ve never tried creating a template from a process group that was saved to a
NiFi Registry, so I haven’t run into this exact error. However, there are users
that cannot connect multiple environments (e.g., dev and production) to the
same NiFi Registry and therefore have the need
g into it too much but it is a strange issue I was
receiving.
On Apr 10, 2018, at 3:21 PM, Kevin Doran <kdo...@apache.org> wrote:
Thanks; that certainly narrows it down. It could be that you’ve uncovered a bug
with the LdapIdentityProvider when using START_TLS. I’ll try to recreate i
On Apr 10, 2018, at 2:57 PM, Kevin Doran <kdo...@apache.org> wrote:
Thanks Scott,
I don’t see anything wrong with your configuration. I created a free jumpcloud
account, so I’ll try to recreate this issue and get back to you if I have any
other insights.
Kevin
From
On Apr 10, 2018, at 2:10 PM, Kevin Doran <kdo...@apache.org> wrote:
If everything is configured correctly, this error usually indicates that the
server did not locate your login credentials when processing the login request.
That usually means it will not even attempt to authenticate the
wrote:
Yes I did, I had Nifi-registry working with a local instances of LDAP
running. It’s now not cooperating since I moved to using Jumpcloud.
> On Apr 10, 2018, at 1:56 PM, Kevin Doran <kdo...@apache.org> wrote:
>
> Hi Sco
Hi Scott,
Did you configure nifi-registry.properties with:
nifi.registry.security.identity.provider=ldap-identity-provider
On 4/10/18, 14:53, "Scott Howell" wrote:
Thanks for the all the help yesterday standing up LDAP for NIFI. I was able
to troubleshoot and
Scott,
I've never implemented NiFi with JumpCloud, but speculating as to what could be
the cause of your error, it could be the User Search Base/Filter configuration
values. Can you share the contents of your login-identity-providers.xml
(removing any sensitive values such as ldap
Good catch, Bryan. It does sound like that could explain what is going on in
these cases.
Regarding this:
>I think one way to support this might be to bring back the "Allow
>Anonymous" flag in the Ranger Authorizer config.
>
>This way if this value is set to false, then before
Hi Laurens,
I've never done this but here are some ideas you could experiment with.
Assuming the logs are coming from something like an application running on an
EC2 instance, there are a number of ways you could probably expose them to NiFi
without going through CloudWatch logs. There are a
volume references, would that work for making a
reproducible demo?
On Thu, Mar 22, 2018 at 10:08 AM, Kevin Doran <kdo...@apache.org> wrote:
Yeah, from looking at your Docker compose file, your LDAP search base/filter is
configured as:
LDAP_USER_SEARCH_BASE='ou=people,dc=nifi,dc=com'
LDAP
ou=people, dc=nifi, dc=com
Tried logging in w/ test/password (what the LDIF uses)
Got: Unknown user with identity 'test'. Contact the system administrator.
Any ideas?
On Thu, Mar 22, 2018 at 9:34 AM, Kevin Doran <kdo...@apache.org> wrote:
Mike,
To my knowledge, the Docker
en to work outside of Docker. I'm also
not seeing anything in the logs indicating that it's trying the LDAP query.
On Thu, Mar 22, 2018 at 8:30 AM, Kevin Doran <kdo...@apache.org> wrote:
Sorry, meant to include the link to start.sh, which is in our codebase [1].
I’m only pointing it out b/
Sorry, meant to include the link to start.sh, which is in our codebase [1].
I’m only pointing it out b/c it looked like in your Docker compose file that
you wanted this to be an LDAP demo.
[1]
https://github.com/apache/nifi/blob/master/nifi-docker/dockerhub/sh/start.sh#L30
From: Kevin
Good eye, Pierre.
Mike, unrelated to the initial admin question, but anticipating something you
might run int o after you get that part working. Change the "AUTH=tls"
environment variable value to "AUTH=ldap". (I know the README file for the
docker image uses ‘AUTH=tls’ in the documentation
of file-provider.
> On Mar 19, 2018, at 9:35 AM, Kevin Doran <kdo...@apache.org> wrote:
>
> Hey Scott,
>
> Assuming you are using two-way TLS with client certificates for
authentication, I recommend configuring your ELB for TCP passthrough so that
the TLS handshake i
Hey Scott,
Assuming you are using two-way TLS with client certificates for authentication,
I recommend configuring your ELB for TCP passthrough so that the TLS handshake
is between the end-client and the NiFi Registry Server (in other words, no
decryption/termination of the TLS connection
al Delivery Center
Tel: (+86) 27 59269644
E-mail: dengt...@cn.ibm.com
WhatsApp: +86 15671158671
---
- Original message -
From: Kevin Doran <kdo...@apache.org>
To: <users@nifi.apache.org&g
When using access tokens, make sure your NiFi instance is configured to not
require client certificates for the TLS certificates:
nifi.security.needClientAuth=false
This is because you only want the NiFi server (not the client) to establish its
identity with a TLS certificate; the client
bilities to extend the functionality of NiFi with
custom processors and Groovy scripts. Awesome job, guys.
On Thu, Mar 1, 2018 at 1:29 PM, Kevin Doran <kdo...@apache.org> wrote:
Hi Boris,
Good point regarding concurrent tasks; thanks for sharing!
This is a great candidate for something
Hi Boris,
Good point regarding concurrent tasks; thanks for sharing!
This is a great candidate for something that one should be able to create
environment-specific values for, as Bryan suggests. I agree we should create a
NiFi JIRA to track this enhancement.
Thanks,
Kevin
On 3/1/18, 11:44,
perfectly and the LDAP
group and users synced as expected.
Thank You.
Cheers,
Nick
On 8 Dec 2017 11:59 +0700, Kevin Doran <kdoran.apa...@gmail.com>, wrote:
Hi Nikhil,
I haven't heard of this issue before. Looking at the NiFi code that is
interpreting the sync interval property
Identities" matter as the "Initial Node Identities" do? Or
are only the Node Identities order important?
-Ryan H
On Sat, Feb 17, 2018 at 5:34 PM, Kevin Doran
<kdo...@apache.org<mailto:kdo...@apache.org>> wrote:
Hi Ryan,
You’ll need to add the DN for your clu
Hi Ryan,
You’ll need to add the DN for your cluster nodes as “Initial User Identities”
to the file-user-group-provider in authorizers.xml. I.e.:
CN=my-node-1, OU=NIFI
CN=my-node-2, OU=NIFI
Let me know if you have any other questions!
Cheers,
Kevin
From: Ryan H
1 - 100 of 118 matches
Mail list logo