Thanks Kevin for sending that back,

This is what I see when looking at the Headers on the login. 


The version of Nifi-Registry I am running is 0.1.0. What confuses me is that 
this was working with my local LDAP fine. It just stopped working when I 
switched to setting up the identity-provider.xml with the same credentials as 
my nifi-cluster. 



> On Apr 10, 2018, at 2:10 PM, Kevin Doran <kdo...@apache.org> wrote:
> 
> If everything is configured correctly, this error usually indicates that the 
> server did not locate your login credentials when processing the login 
> request. That usually means it will not even attempt to authenticate the 
> credentials, so I'm not sure it is an LDAP configuration error.
>  
> If you want to check this manually using developer tools in a browser (e.g., 
> Chrome or Firefox) you can look at the HTTP traffic to see if credentials are 
> being passed to the server. NiFi Registry uses the HTTP Basic Auth protocol 
> to login (credentials are encoded in the Authorization header and passed to 
> the server from the login page to generate a temporary authentication token). 
>  
> So after clicking "Login", you should look for an HTTP POST to 
> <base_url>/nifi-registry-api/access/token/login, which should have an 
> "Authorization" header with the value "Basic {encoded-username-and-password}"
>  
> If the credentials are there, it is likely something is misconfigured on the 
> server side with the identity provider so that login credentials are not even 
> being looked for. If the credentials are not there... well I've never seen 
> that. I would probably ask if your NiFi Registry Server is running behind a load 
> balancer or proxy that could be interfering with HTTP headers?
>  
> What version of NiFi Registry are you using? 0.1.0 or a version built from 
> source?
>  
> Hope this helps,
> Kevin
>  
>  
> On 4/10/18, 14:59, "Scott Howell" <scotthow...@mobilgov.com 
> <mailto:scotthow...@mobilgov.com>> wrote:
>  
>     Yes I did, I had Nifi-registry working with a local instance of LDAP 
> running. It’s now not cooperating since I moved to using Jumpcloud. 
>     
>     > On Apr 10, 2018, at 1:56 PM, Kevin Doran <kdo...@apache.org> wrote:
>     > 
>     > Hi Scott,
>     > 
>     > Did you configure nifi-registry.properties with:
>     > 
>     > nifi.registry.security.identity.provider=ldap-identity-provider
>     > 
>     > On 4/10/18, 14:53, "Scott Howell" <scotthow...@mobilgov.com> wrote:
>     > 
>     >    Thanks for all the help yesterday standing up LDAP for NIFI. I 
> was able to troubleshoot and fix the issues myself. I am running into a 
> unique issue with my Nifi-Registry: when I try to log in with my LDAP 
> credentials like I do for the nifi cluster, I get this in my logs:
>     > 
>     >    2018-04-10 18:43:15,303 INFO [NiFi Registry Web Server-18] o.a.n.r.w.s.NiFiRegistrySecurityConfig AuthenticationEntryPoint invoked as no user identity credentials were found in the request.
>     > 
>     >    My identity-providers.xml is this:
>     >    <identityProviders>
>     >        <provider>
>     >            <identifier>ldap-identity-provider</identifier>
>     >            <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
>     >            <property name="Authentication Strategy">START_TLS</property>
>     >            <property name="Manager DN">uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
>     >            <property name="Manager Password">{redacted}</property>
>     >            <property name="TLS - Keystore"></property>
>     >            <property name="TLS - Keystore Password"></property>
>     >            <property name="TLS - Keystore Type"></property>
>     >            <property name="TLS - Truststore">/opt/certs/jumpcloud.jks</property>
>     >            <property name="TLS - Truststore Password">{redacted}</property>
>     >            <property name="TLS - Truststore Type">JKS</property>
>     >            <property name="TLS - Client Auth"></property>
>     >            <property name="TLS - Protocol">TLSv1.2</property>
>     >            <property name="TLS - Shutdown Gracefully"></property>
>     >            <property name="Referral Strategy">FOLLOW</property>
>     >            <property name="Connect Timeout">10 secs</property>
>     >            <property name="Read Timeout">10 secs</property>
>     >            <property name="Url">ldap://ldap.jumpcloud.com:389</property>
>     >            <property name="User Search Base">ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
>     >            <property name="User Search Filter">uid={0}</property>
>     >            <property name="Identity Strategy">USE_USERNAME</property>
>     >            <property name="Authentication Expiration">12 hours</property>
>     >        </provider>
>     >    </identityProviders>
>     > 
>     >    For the most part I grabbed most of this from my Nifi node 
> login-identity-providers.xml but I seem to have something messed up.
>     > 
>     > 
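
The header check Kevin describes in the thread above, as an added example that is not part of the original messages or of NiFi Registry's own code: it classifies an Authorization value copied from browser developer tools and builds the same POST to /nifi-registry-api/access/token/login so the login can be replayed without the browser or a proxy in between. The function names, the base URL argument and the sample credentials are assumptions made for illustration.

```python
import base64
import urllib.request

# Endpoint named in the thread; everything else here is illustrative.
LOGIN_PATH = "/nifi-registry-api/access/token/login"

def basic_header(username, password):
    """Authorization header value for HTTP Basic auth (RFC 7617)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def inspect_header(value):
    """Classify an Authorization value copied from browser developer tools.

    Returns (verdict, username); the password is never returned or printed.
    """
    if not value or not value.strip():
        return ("missing", None)
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return ("not-basic", None)
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64, or bytes that are not UTF-8
        return ("undecodable", None)
    username, sep, password = decoded.partition(":")
    if not sep or not username or not password:
        return ("empty-credentials", username or None)
    return ("ok", username)

def build_login_request(base_url, username, password):
    """The POST the login page sends; base_url is supplied by the caller."""
    req = urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH, data=b"", method="POST")
    req.add_header("Authorization", basic_header(username, password))
    return req

def request_token(base_url, username, password, context=None):
    """Send the request (needs network); returns the response body."""
    req = build_login_request(base_url, username, password)
    with urllib.request.urlopen(req, timeout=10, context=context) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in (basic_header("alice", "example-password"), "", "Basic Og=="):
        print(inspect_header(sample))
```

A verdict of "ok" on the header seen in the browser, combined with the "no user identity credentials were found" log line on the server, points at the server side or at something between the browser and the server, which is the split Kevin draws.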
