If everything is configured correctly, this error usually indicates that the 
server did not locate your login credentials when processing the login request. 
That usually means it will not even attempt to authenticate the credentials, so 
I'm not sure it is an LDAP configuration error.


If you want to check this manually using developer tools in a browser (e.g., 
Chrome or Firefox) you can look at the HTTP traffic to see if credentials are 
being passed to the server. NiFi Registry uses the HTTP Basic Auth protocol to 
login (credentials are encoded in the Authorization header and passed to the 
server from the login page to generate a temporary authentication token). 


So after clicking "Login", you should look for an HTTP POST to 
<base_url>/nifi-registry-api/access/token/login, which should have an 
"Authorization" header with the value "Basic {encoded-username-and-password}"


If the credentials are there, it is likely something is misconfigured on the 
server side with the identity provider so that login credentials are not even 
being looked for. If the credentials are not there... well I've never seen 
that. I would probably as if your NiFi Registry Server running behind a load 
balancer or proxy that could be interfering with HTTP headers?


What version of NiFi Registry are you using? 0.1.0 or a version built from 


Hope this helps,




On 4/10/18, 14:59, "Scott Howell" <scotthow...@mobilgov.com> wrote:


    Yes I did, I had Nifi-registry working with a local instances of LDAP 
running. It’s now not cooperating since I moved to using Jumpcloud. 


    > On Apr 10, 2018, at 1:56 PM, Kevin Doran <kdo...@apache.org> wrote:


    > Hi Scott,


    > Did you configure nifi-registry.properties with:


    > nifi.registry.security.identity.provider=ldap-identity-provider


    > On 4/10/18, 14:53, "Scott Howell" <scotthow...@mobilgov.com> wrote:


    >    Thanks for the all the help yesterday standing up LDAP for NIFI. I was 
able to troubleshoot and fix the issues myself. I am running into a unique 
issue with my Nifi-Registry when I try to login with my LDAP credentials like I 
do for the nifi cluster I get in my logs with this:


    >    2018-04-10 18:43:15,303 INFO [NiFi Registry Web Server-18] 
o.a.n.r.w.s.NiFiRegistrySecurityConfig AuthenticationEntryPoint invoked as no 
user identity credentials were found in the request.


    >    My identity-providers.xml is this:

    >    <identityProviders>

    >         <provider> 

    >                          <identifier>ldap-identity-provider</identifier>  

    >                          <property name="Authentication 

    >                          <property name="Manager 

    >                          <property name="Manager 

    >                          <property name="TLS - Keystore”>

    >                         </property>

    >                          <property name="TLS - Keystore 

    >                          <property name="TLS - Keystore Type"></property>

    >                          <property name="TLS - 

    >                          <property name="TLS - Truststore 

    >                         <property name="TLS - Truststore 

    >                          <property name="TLS - Client Auth"></property> 

    >                          <property name="TLS - 

    >                          <property name="TLS - Shutdown 

    >                          <property name="Referral 

    >                          <property name="Connect Timeout">10 

    >                          <property name="Read Timeout">10 secs</property> 

    >                          <property 

    >                          <property name="User Search 

    >                          <property name="User Search 

    >                          <property name="Identity 

    >                          <property name="Authentication Expiration">12 

    >          </provider>

    >    </identityProviders>


    >    For the most part I grabbed most of this from my Nifi node 
login-identity-providers.xml but I seem to have something messed up.






Reply via email to