Thanks Kevin for sending that back. This is what I see when looking at the Headers on the login.

The version of Nifi-Registry I am running is 0.1.0. What confuses me is that this was working with my local LDAP fine. It just stopped working when I switched to setting up the identity-provider.xml with the same credentials as my nifi-cluster.

> On Apr 10, 2018, at 2:10 PM, Kevin Doran <[email protected]> wrote:
>
> If everything is configured correctly, this error usually indicates that the
> server did not locate your login credentials when processing the login
> request. That usually means it will not even attempt to authenticate the
> credentials, so I'm not sure it is an LDAP configuration error.
>
> If you want to check this manually using developer tools in a browser (e.g.,
> Chrome or Firefox) you can look at the HTTP traffic to see if credentials are
> being passed to the server. NiFi Registry uses the HTTP Basic Auth protocol
> to login (credentials are encoded in the Authorization header and passed to
> the server from the login page to generate a temporary authentication token).
>
> So after clicking "Login", you should look for an HTTP POST to
> <base_url>/nifi-registry-api/access/token/login, which should have an
> "Authorization" header with the value "Basic {encoded-username-and-password}"
>
> If the credentials are there, it is likely something is misconfigured on the
> server side with the identity provider so that login credentials are not even
> being looked for. If the credentials are not there... well I've never seen
> that. I would probably ask if your NiFi Registry Server is running behind a load
> balancer or proxy that could be interfering with HTTP headers?
>
> What version of NiFi Registry are you using? 0.1.0 or a version built from
> source?
>
> Hope this helps,
> Kevin
>
>
> On 4/10/18, 14:59, "Scott Howell" <[email protected] <mailto:[email protected]>> wrote:
>
>     Yes I did, I had Nifi-registry working with a local instance of LDAP
>     running. It’s now not cooperating since I moved to using Jumpcloud.
>
> > On Apr 10, 2018, at 1:56 PM, Kevin Doran <[email protected]> wrote:
> >
> > Hi Scott,
> >
> > Did you configure nifi-registry.properties with:
> >
> > nifi.registry.security.identity.provider=ldap-identity-provider
> >
> > On 4/10/18, 14:53, "Scott Howell" <[email protected]> wrote:
> >
> >     Thanks for all the help yesterday standing up LDAP for NIFI. I
> >     was able to troubleshoot and fix the issues myself. I am running into a
> >     unique issue with my Nifi-Registry: when I try to log in with my LDAP
> >     credentials like I do for the nifi cluster, I get this in my logs:
> >
> >     2018-04-10 18:43:15,303 INFO [NiFi Registry Web Server-18] o.a.n.r.w.s.NiFiRegistrySecurityConfig AuthenticationEntryPoint invoked as no user identity credentials were found in the request.
> >
> >     My identity-providers.xml is this:
> >
> >     <identityProviders>
> >         <provider>
> >             <identifier>ldap-identity-provider</identifier>
> >             <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
> >             <property name="Authentication Strategy">START_TLS</property>
> >             <property name="Manager DN">uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
> >             <property name="Manager Password">{redacted}</property>
> >             <property name="TLS - Keystore”></property>
> >             <property name="TLS - Keystore Password"></property>
> >             <property name="TLS - Keystore Type"></property>
> >             <property name="TLS - Truststore">/opt/certs/jumpcloud.jks</property>
> >             <property name="TLS - Truststore Password">{redacted}</property>
> >             <property name="TLS - Truststore Type">JKS</property>
> >             <property name="TLS - Client Auth"></property>
> >             <property name="TLS - Protocol">TLSv1.2</property>
> >             <property name="TLS - Shutdown Gracefully"></property>
> >             <property name="Referral Strategy">FOLLOW</property>
> >             <property name="Connect Timeout">10 secs</property>
> >             <property name="Read Timeout">10 secs</property>
> >             <property name="Url">ldap://ldap.jumpcloud.com:389</property>
> >             <property name="User Search Base">ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
> >             <property name="User Search Filter">uid={0}</property>
> >             <property name="Identity Strategy">USE_USERNAME</property>
> >             <property name="Authentication Expiration">12 hours</property>
> >         </provider>
> >     </identityProviders>
> >
> >     For the most part I grabbed most of this from my Nifi node
> >     login-identity-providers.xml but I seem to have something messed up.
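
The developer-tools check described in the thread (find the POST to /nifi-registry-api/access/token/login and see whether it carries an "Authorization: Basic ..." header) can also be run over a HAR file exported from the browser's network tab. The script below is an added example, not part of the thread and not NiFi Registry code; the function name is hypothetical and the sample host, username and password are constructed.

```python
import base64
import json
from urllib.parse import urlsplit

LOGIN_PATH = "/nifi-registry-api/access/token/login"  # path named in the thread

def check_login_requests(har_text):
    """Return one finding per login POST in a HAR export (password never returned)."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        path = urlsplit(req["url"]).path
        if req["method"] != "POST" or not path.endswith(LOGIN_PATH):
            continue
        # Header names are case-insensitive, so normalise before the lookup.
        headers = {h["name"].lower(): h["value"] for h in req["headers"]}
        scheme, _, token = headers.get("authorization", "").partition(" ")
        if not scheme:
            status, user = "missing", None      # nothing for the server to find
        elif scheme.lower() != "basic":
            status, user = "not-basic", None
        else:
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
                user, sep, password = decoded.partition(":")
                status = "ok" if sep and user and password else "empty-credentials"
            except ValueError:                  # bad base64 or bad UTF-8
                status, user = "undecodable", None
        findings.append({"url": req["url"], "status": status, "username": user})
    return findings

def _entry(method, url, headers):
    return {"request": {"method": method, "url": url,
                        "headers": [{"name": n, "value": v} for n, v in headers]}}

# Constructed sample: host, username and password are made up for illustration.
_BASE = "https://registry.example.test:18443"
_BASIC = "Basic " + base64.b64encode(b"alice:example-password").decode()
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry("GET", _BASE + "/nifi-registry/", [("Accept", "text/html")]),
    _entry("POST", _BASE + LOGIN_PATH, [("authorization", _BASIC)]),
    _entry("POST", _BASE + LOGIN_PATH, [("Content-Length", "0")]),
]}})

if __name__ == "__main__":
    for finding in check_login_requests(SAMPLE_HAR):
        print(finding)
```

A HAR export that includes the Authorization header contains the password in recoverable form, so handle the file like a credential and delete it after the check.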
