The message about "Kerberos service ticket login not supported by this NiFi Registry" means that one of the following properties is not populated:
nifi.registry.kerberos.spnego.principal= nifi.registry.kerberos.spnego.keytab.location= On Fri, Feb 8, 2019 at 8:20 AM Tomislav Novosel <[email protected]> wrote: > > Hi Daniel, > > Ok, I see. Thanks for the answer. > > I switched to official Nifi registry image. I succeeded to spin up registry > in docker container and to > setup Kerberos provider in identity-providers.xml. Also I configured > authorizers.xml as per afficial Nifi documentation. > > I already have the same setup with Kerberos, but not in Docker container. And > everything works like a charm. > > When I enter credentials, login does not pass. This is app log: > > 2019-02-08 12:52:30,568 INFO [NiFi Registry Web Server-14] > o.a.n.r.w.m.IllegalStateExceptionMapper java.lang.IllegalStateException: > Kerberos service ticket login not supported by this NiFi Registry. Returning > Conflict response. > 2019-02-08 12:52:30,644 INFO [NiFi Registry Web Server-13] > o.a.n.r.w.s.NiFiRegistrySecurityConfig Client could not be authenticated due > to: > org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: > An Authentication object was not found in the SecurityContext Returning 401 > response. > 2019-02-08 12:52:50,557 INFO [NiFi Registry Web Server-14] > o.a.n.r.w.m.UnauthorizedExceptionMapper > org.apache.nifi.registry.web.exception.UnauthorizedException: The supplied > client credentials are not valid.. Returning Unauthorized response. > > Not sure what is going on here. > > Regards, > Tom > > > On Fri, 8 Feb 2019 at 11:36, Daniel Chaffelson <[email protected]> wrote: >> >> Hi Tomislav, >> I created that build a long time ago before the official apache one was up, >> and it is out of date sorry. >> Can I suggest you switch to the official apache image that Kevin mentioned >> and try again? It is an up to date version and recommended by the community. >> >> On Thu, Feb 7, 2019 at 5:54 PM Tomislav Novosel <[email protected]> wrote: >>> >>> Hi Kevin, >>> >>> I'm using image from Docker hub on this link: >>> https://hub.docker.com/r/chaffelson/nifi-registry >>> >>> I think I know where is the problem. The problem is in config file where >>> http host and http port property remains even if I manually set https host >>> and htpps port. >>> I deleted http host and http port to be empty, but when I started container >>> again, those values are again there. >>> >>> I don't know what the author of image wanted to say with this: >>> >>> The Docker image can be built using the following command: >>> >>> . >>> ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh >>> >>> What does this commend mean? >>> >>> And this: >>> >>> Note: The default version of NiFi-Registry specified by the Dockerfile is >>> typically that of one that is unreleased if working from source. To build >>> an image for a prior released version, one can override the >>> NIFI_REGISTRY_VERSIONbuild-arg with the following command: >>> >>> docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry >>> Version} -t apache/nifi-registry:latest . >>> >>> For this command above you need to have Dockerfile. I tried with Dockerfile >>> from docker hub, but there are errors in execution on this line: >>> >>> ADD sh/ ${NIFI_REGISTRY_BASE_DIR}/scripts/ >>> >>> On the other hand, If I manage to get the image with first command, I will >>> get Nifi registry version 0.1.0 which I don't want. >>> >>> I'm little bit confused here, sorry for longer mail. >>> >>> Thanks. >>> >>> Regards, >>> Tom >>> >>> On Thu, 7 Feb 2019 at 17:38, Kevin Doran <[email protected]> wrote: >>>> >>>> Hi Tom, >>>> >>>> Are you using the apache/nifi-registry image or a custom image for this? >>>> >>>> Have you configured TLS? >>>> Can you share your complete conf dir (removing sensitive values such as >>>> password or domains)? >>>> >>>> Thanks, >>>> Kevin >>>> >>>> >>>> On February 7, 2019 at 05:57:37, Tomislav Novosel ([email protected]) >>>> wrote: >>>> > Hi all, >>>> > >>>> > I'm trying to configure Nifi registry authentication with Kerberos while >>>> > Nifi registry runs >>>> > inside Docker container. >>>> > >>>> > I configured all security properties in nifi-registry.properties, login >>>> > identity provider and >>>> > authorizers.xml. Everything the same as for Nifi registry running as a >>>> > service without Docker container. >>>> > >>>> > When I open UI in browser and type in login data, login dose not pass. >>>> > >>>> > In /logs/nifi-registry-app.log I see error: >>>> > >>>> > An Authentication object was not found in the SecurityContext Returning >>>> > 401 response >>>> > java.lang.IllegalStateException: Access tokens are only issued over HTTPS >>>> > >>>> > nifi.registry.web.https.host property is default because of Docker: >>>> > ae24ea32faef >>>> > nifi.registry.web.https.port=18080 >>>> > >>>> > How can I resolve this? >>>> > Thanks. >>>> > >>>> > >>>> > BR, >>>> > Tom >>>> > >>>>
