Hi Kevin,

Referencing my previous post:

1. The header folding problem was solved, using 
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;

nifi-user.log:
 "Attempting request for (<CN=clientname,OU=NiFi><CN=reverseproxy, OU=NiFi>) 
Authentication success for CN=clientname,OU=NiFi"

2. But then I also got

"identity[CN=clientname,OU=NiFi], groups[] does not have permission to
access the requested resource.
Unknown user with identity 'CN=clientname,OU=NiFi'. Returning Forbidden
response."

That was because NGINX now removed the space between CN and OU.

So I had to create a new NiFi user without the space to match NGINX's
presentation of the FQDN, and have to remember to create user FQDNs without
spaces in the future.

I don't know why I have to use both the 'proxy_set_header
X-ProxiedEntitiesChain' (as shown in Mr. Kawamura's example) as well as the
'proxy_set_header X-SSL-CERT' directives, but it works.

Anyway, thanks for your guidance which kept me from going down more rabbit
holes than I already had.

Scott




--
Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
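
Added example, not part of the original message and not NiFi or NGINX code: a small check that takes a proxied-entities chain in the form logged above and reports which identities match a defined user exactly and which differ only by the space after a comma, as in the Forbidden response Scott describes. The function names and the sample user list are hypothetical, and the escaping of '<' and '>' inside a DN is an assumption.

```python
import re

# Constructed samples: the chain is the format quoted from nifi-user.log above;
# the user list is hypothetical and stands in for identities defined in NiFi.
SAMPLE_CHAIN = "<CN=clientname,OU=NiFi><CN=reverseproxy, OU=NiFi>"
SAMPLE_USERS = ["CN=clientname, OU=NiFi", "CN=reverseproxy, OU=NiFi"]

def split_chain(chain):
    """Split '<dn1><dn2>' into DNs. Assumption: '<' or '>' inside a DN is backslash-escaped."""
    return [m.group(1) for m in re.finditer(r"<((?:\\.|[^<>\\])*)>", chain)]

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]   # keep the escape pair intact
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    return parts

def canonical(dn):
    """Drop only the separator whitespace after each comma; case and values are untouched."""
    return ",".join(p.lstrip() for p in split_rdns(dn))

def audit(chain, users):
    """Return (identity, verdict, matching user) for every identity in the chain."""
    by_canon = {canonical(u): u for u in users}
    report = []
    for dn in split_chain(chain):
        if dn in users:
            report.append((dn, "exact", dn))
        elif canonical(dn) in by_canon:
            report.append((dn, "spacing-only", by_canon[canonical(dn)]))
        else:
            report.append((dn, "unknown", None))
    return report

if __name__ == "__main__":
    for identity, verdict, user in audit(SAMPLE_CHAIN, SAMPLE_USERS):
        print(f"{verdict:12} {identity!r} -> {user!r}")
```

A "spacing-only" verdict marks an identity that authenticated but would be treated as an unknown user because its string form differs from the stored one.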
