Hi All,
I am trying to set up a NiFi cluster (2 nodes) with OpenID Connect (Google).
The cluster setup was done using
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup
and openid was done using
https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect
The error after logging in is:
*Insufficient Permissions*
*Untrusted proxy CN=*.dummy.com, OU=NIFI*
We used the NiFi toolkit to generate the certificates.
I am attaching the authorizations, authorizers, and users XML files.
The guides mentioned above seem to be old; it would be great if someone
could share resources for the latest version or assist with this issue.
I am open to trying OpenLDAP as well. Thanks
-Dweep
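<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
  authorizations.xml: the access policies read by the file-based access policy
  provider (authorizers.xml on this page points its "Authorizations File"
  property at ./conf/authorizations.xml).

  Each <policy> binds one resource and one action (R = read, W = write) to the
  user and group identifiers nested inside it. Those identifiers are resolved
  against the tenants in users.xml.

  Recovered from the RTF attachment: RTF control words were removed and the
  non-breaking-space indentation was replaced with ordinary spaces so the
  document is well-formed XML again. No identifier, resource or action was
  changed.

  NOTE(review): user bcdd9a36-5b3d-3158-b48b-7fc6ec71b436 is granted several
  global policies below, but the users.xml shown on this page has no <user>
  entry with that identifier. Confirm the tenant exists in the deployed file.
-->
<authorizations>
    <policies>
        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="ae532a4c-016c-1000-637f-38253914a685" resource="/provenance" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae53e58e-016c-1000-f966-18717c5645c1" resource="/site-to-site" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae540f7c-016c-1000-5ecb-f7a9d7405555" resource="/system" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <!--
          NOTE(review): write access to /proxy is what lets a cluster node forward a
          request on behalf of the signed-in user. The only grantee here is group
          ae4a4221-016c-1000-a933-2243c2e28888 (named "admin" in users.xml), and the
          users.xml on this page defines no tenant whose identity is the certificate
          DN from the reported error, "Untrusted proxy CN=*.dummy.com, OU=NIFI".
          Identities are compared as exact strings, so the DN that the node
          certificate actually presents has to exist as a user and hold this policy.
          Grant it to node identities only; any identity listed here can act for
          any user.
        -->
        <policy identifier="ae54451d-016c-1000-e0e2-a380de6679dc" resource="/proxy" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae546c4b-016c-1000-9746-99f5962b2e62" resource="/counters" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae5491ad-016c-1000-83b1-6944c8285a16" resource="/counters" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <!-- The next two policies list no user or group, so they grant access to nobody as written. -->
        <policy identifier="b2f8f7ee-016c-1000-4bc2-d796491fd0e0" resource="/policies/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
        <policy identifier="b3bdee5c-016c-1000-f4da-b0a283608f91" resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
        <policy identifier="b3c011b8-016c-1000-88d8-b235d11aefba" resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3c868ff-016c-1000-e606-835dc5c659e8" resource="/operation/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cb4b2a-016c-1000-a191-eeb3995dd942" resource="/operation/processors/b3c8228a-016c-1000-8e36-f4315d3da34c" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cbad5a-016c-1000-52c6-3e37a288ad34" resource="/operation/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cd1977-016c-1000-a920-be900586ad57" resource="/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cdb1b0-016c-1000-cc57-d0921d512c2c" resource="/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cead39-016c-1000-7280-5df3b2903103" resource="/process-groups/b3ce9097-016c-1000-fbbe-c5f148d3d5bc" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
        </policy>
    </policies>
</authorizations>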
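<!--
  authorizers.xml: declares the file-based user/group provider, the file-based
  access policy provider that reads it, and the managed authorizer that uses
  that policy provider.

  Recovered from the RTF attachment: RTF control words, the U+202A / U+202C
  directional marks wrapped around every line, and the non-breaking-space
  indentation were removed so the document is well-formed XML again. Element
  names, property names and property values are unchanged.
-->
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>

        <!-- The address below appears to have been masked by the list archive; the real value is not shown on this page. -->
        <property name="Initial User Identity 1">[email protected]</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">[email protected]</property>
        <property name="Legacy Authorized Users File"></property>
        <!--
          NOTE(review): each Node Identity below names a single host, but the error
          reported with this configuration is
          "Untrusted proxy CN=*.dummy.com, OU=NIFI", which suggests the nodes present
          a wildcard certificate. Identity matching is an exact string comparison, so
          neither value matches that DN.

          Prefer one certificate per node whose DN equals its Node Identity. The NiFi
          documentation describes wildcard certificates as not officially supported,
          and a DN shared by every host cannot be granted or revoked /proxy access
          per node.

          Initial Admin Identity and Node Identity are only used to seed the
          authorizations file when it holds no policies yet. With the populated
          authorizations.xml shown on this page they are presumably not re-applied,
          and the node identities would also need to exist as users in the user
          group provider above. Confirm against the Admin Guide for the version in
          use.
        -->
        <property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
        <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>
        <property name="Node Group"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>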
\
\
\
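<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
  users.xml (labelled "Users.xml" in the message): the tenants file read by
  the file-based user/group provider. <groups> lists group membership by user
  identifier; <users> maps each user identifier to the identity string that an
  authenticated request must present.

  Recovered from the RTF attachment: the opening "<" of the XML declaration
  was missing, and RTF control words, U+202A / U+202C directional marks and
  non-breaking-space indentation were removed. Identifiers, names and
  identities are unchanged.

  NOTE(review): only one <user> is defined below, yet the groups reference
  bcdd9a36-5b3d-3158-b48b-7fc6ec71b436 and ae4fba22-016c-1000-de8b-579daa5f7a5f
  as members. There is also no user whose identity is a node certificate DN,
  neither the "CN=*.dummy.com, OU=NIFI" from the reported "Untrusted proxy"
  error nor the per-host DNs configured as Node Identity in authorizers.xml.
  A node can only be trusted as a proxy if its exact certificate DN exists here
  as a user and that user (or its group) holds write access to /proxy. Confirm
  whether the attachment was trimmed or the deployed file really lacks these
  entries.
-->
<tenants>
    <groups>
        <group identifier="ae4a4221-016c-1000-a933-2243c2e28888" name="admin">
            <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </group>
        <group identifier="ae4a9755-016c-1000-4425-4df789a817eb" name="readonly">
            <user identifier="ae4fba22-016c-1000-de8b-579daa5f7a5f"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </group>
    </groups>
    <users>
        <!-- The identity below appears to have been masked by the list archive; the real value is not shown on this page. -->
        <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947" identity="[email protected]"/>
    </users>
</tenants>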