Gard, In your conf/authorizers.xml configuration file you'll see entries which need to be populated with the nodes in your cluster. With zero master clustering, the nodes in the cluster may be replicating requests to the other nodes in the cluster. In order for the node to trust the end user, each machine along the way needs to be authorized for proxying. Configuring that part of the authorizers.xml will establish these policies.
Note, the policies are only created when the authorizations.xml is not present or empty (containing just the empty root element) so you may need to modify/removing this file prior to restarting. Thanks. Matt On Tue, Sep 13, 2016 at 9:37 AM, Gard Skauge <[email protected]> wrote: > Hello, > > > I am setting up a secure NiFi cluster with 3 nodes, using keystone and > truststores generated with the tls-toolkit: > > tls-toolkit.sh standalone -n '<hostname>' -C 'CN=<hostname>’ > > All three nodes start and inter-node communication is working fine > fromwhat I can see in the logs. However, after logging in, I get the message > > > Access denied - Untrusted proxy CN=<hostname>, OU=NIFI > > > If I start only one node, I do not get this error, it´s only after the > next node joins the cluster that this happens. Any ideas? > > > Thanks, > Gard
