Thanks Bryan. I'm seeing in AccessResource.java that it will throw this exception if spnego is not configured or keberosService is null, which it is in my nifi.
Doing a quick search for setKeberosService callers doesnt turn anything up in the code. And this exception prevents me accessing the app. Do i need to configure anything in authorizers.xml or users.xml? I set the krb file in nifi.properties already. Darren Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android<https://aka.ms/ghei36> ________________________________ From: Bryan Bende <bbe...@gmail.com> Sent: Monday, December 14, 2020 11:19:28 AM To: users@nifi.apache.org <users@nifi.apache.org> Subject: Re: Secure Mode & Kerberos That is just a warning that prints every time you refresh the UI, the UI makes a call to see if SPNEGO is enabled, it shouldn't impact anything, same case for OIDC. On Mon, Dec 14, 2020 at 10:15 AM Darren Govoni <dar...@ontrenet.com> wrote: > > When I remove the SPNEGO properties and set the krb5 file > > # kerberos # > nifi.kerberos.krb5.file=/etc/krb5.conf > > > 020-12-14 10:09:44,477 WARN [NiFi Web Server-19] > o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: > Kerberos ticket login not supported by this NiFi.. Returning Conflict > response. > java.lang.IllegalStateException: Kerberos ticket login not supported by this > NiFi. > > Also threw exception about OpenID Connect not configured. > > Nifi 1.11.4 > > ________________________________ > From: Darren Govoni <dar...@ontrenet.com> > Sent: Monday, December 14, 2020 10:00 AM > To: users@nifi.apache.org <users@nifi.apache.org> > Subject: Re: Secure Mode & Kerberos > > Hi Bryan > > I did do that but still got the warning/error. But I will go back and verify > this. > > Darren > > Sent from my Verizon, Samsung Galaxy smartphone > Get Outlook for Android > > ________________________________ > From: Bryan Bende <bbe...@gmail.com> > Sent: Monday, December 14, 2020 9:37:33 AM > To: users@nifi.apache.org <users@nifi.apache.org> > Subject: Re: Secure Mode & Kerberos > > You don't need to have NiFi secured with Kerberos in order to use HDFS > processors talking to kerberized HDFS. > > You just need to specify the krb5.conf in nifi.properties, and you > need to provide the HDFS processors with a core-site.xml that has > security set to kerberos. > > On Mon, Dec 14, 2020 at 9:28 AM Darren Govoni <dar...@ontrenet.com> wrote: > > > > Hi, > > I want to test the HDFS processors using Kerberos, but they trigger a > > warning saying Nifi is not running in secure mode, so it ignores kerberos. > > > > In order to get Nifi into secure mode I had to enable SPNEGO which it seems > > to want a kerberos header to allow me into the app now. > > > > Is there a way to allow processors to run securely with kerberos without > > having to auth myself into the app via kerberos? Which I'm not sure how to > > do. > > > > Darren > > > > PS. I do have a Apache Kerby KDC running locally if that can help me auth > > into Nifi.
