Matheswaran,

The Node Identities in the authorizers.xml file need to correspond with the
DN from the server certificates each node is configured with. I would
recommend using keytool to print the certificate and then copy/paste that
DN into the authorizers.xml on each node.

NOTE: An authorizations.xml and users.xml may have already been created
during your initial attempts. You can either just edit the identities of
the nodes in the users.xml on each node or update the configuration in
authorizers.xml. If you update the authorizers.xml you'll want to remove
the authorizations.xml and users.xml as they are only generated during
startup if they do not exist currently.

Matt

On Thu, Jul 13, 2017 at 9:16 AM, James Srinivasan <
[email protected]> wrote:

> Hi,
>
> I found I had to add this to authorizations.xml for R & W, with
> corresponding users.xml entries:
>
>         <policy identifier="nifi-cluster-write" resource="/proxy" action="W">
>             <user identifier="nifi-leith"/>
>             <user identifier="nifi-wharfe"/>
>             <user identifier="nifi-tamar"/>
>         </policy>
>
> Still not entirely sure my secured cluster is fully set up correctly -
> planning on writing up how we did it tho.
>
> James
>
>
> On 13 July 2017 at 13:47, mathes waran <[email protected]> wrote:
> > I am using nifi V-1.3, and trying to setup 3 node secure NIFI cluster.
> >
> > I have added all the required properties, I can see nodes sending heartbeats
> > in logs in all the nodes but on screen I'm getting Untrusted proxy message
> > for all nodes. Error screenshot attached.
> >
> > Error log getting as NiFiAuthenticationFilter Rejecting access to web api:
> > Untrusted proxy CN=hostname
> >
> >  Find the nifi properties below:
> > <authorizer>
> >             <identifier>file-provider</identifier>
> >             <class>org.apache.nifi.authorization.FileAuthorizer</class>
> >             <property name="AuthorizationsFile">./conf/authorizations.xml</property>
> >             <property name="Users File">./conf/users.xml</property>
> >             <property name="Initial Admin Identity">[email protected]</property>
> >             <property name="Legacy Authorized Users File"></property>
> >             <property name="Node Identity 1">[email protected], OU=NIFI</property>
> >             <property name="Node Identity 2">[email protected], OU=NIFI</property>
> >             <property name="Node Identity 3">[email protected], OU=NIFI</property>
> >     </authorizer>
> >
> >
> > Could you please tell me if anybody has overcome it?
> >
> > Thanks,
> > Matheswaran
>
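
The check recommended at the top of this thread (print each node's certificate with keytool, then compare the DN with the Node Identity entries in authorizers.xml), as an added example that is not from the original thread or from the NiFi project. It assumes identities are compared as exact strings with no identity mapping configured; the hostnames, the sample keytool output and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: "Owner:" lines from `keytool -list -v -keystore <keystore>` on each node.
KEYTOOL_OUTPUT = """\
Owner: CN=node1.example.com, OU=NIFI
Issuer: CN=example-ca, OU=NIFI
Owner: CN=node2.example.com, OU=NIFI
Owner: CN=node3.example.com, OU=NIFI
"""

# Constructed authorizers.xml: identity 2 lacks the space after the comma,
# identity 3 names a host for which no certificate was printed.
AUTHORIZERS_XML = """\
<authorizers>
  <authorizer>
    <class>org.apache.nifi.authorization.FileAuthorizer</class>
    <property name="Node Identity 1">CN=node1.example.com, OU=NIFI</property>
    <property name="Node Identity 2">CN=node2.example.com,OU=NIFI</property>
    <property name="Node Identity 3">CN=node9.example.com, OU=NIFI</property>
  </authorizer>
</authorizers>
"""

def certificate_owners(keytool_text):
    """Return the subject DNs from the 'Owner:' lines of keytool output."""
    return [m.group(1).strip() for m in re.finditer(r"^Owner:(.*)$", keytool_text, re.M)]

def node_identities(authorizers_text):
    """Map each 'Node Identity N' property name to its configured value."""
    root = ET.fromstring(authorizers_text)
    return {p.get("name"): (p.text or "") for p in root.iter("property")
            if (p.get("name") or "").startswith("Node Identity")}

def _loose(dn):
    # Whitespace- and case-insensitive form, used only to explain a mismatch.
    return re.sub(r"\s+", "", dn).lower()

def check(keytool_text, authorizers_text):
    """Classify each Node Identity: 'match', 'near-miss' or 'no-certificate'."""
    owners = certificate_owners(keytool_text)
    loose = {_loose(o) for o in owners}
    result = {}
    for name, dn in node_identities(authorizers_text).items():
        near = "near-miss" if _loose(dn) in loose else "no-certificate"
        result[name] = "match" if dn in owners else near
    return result

if __name__ == "__main__":
    for name, verdict in check(KEYTOOL_OUTPUT, AUTHORIZERS_XML).items():
        print(f"{name}: {verdict}")
```

A "near-miss" verdict means the entry differs from a certificate DN only in whitespace or case, which is what hand-typing the DN instead of pasting the keytool output tends to produce.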
