Hi Bill,

In a cluster all nodes should indeed apply the changes to the users.xml and authorizations.xml. In fact, the nodes should refuse to reconnect if they detect a difference in these files.

First thing to verify is of course whether the two nodes successfully form a cluster. Do you see “2/2 nodes” in the top left of the UI and what does the Cluster window say (from the Hamburger menu)?

Next would be file permissions on the users.xml and authorizations.xml. Is the user NiFi runs under allowed to write to the files? If you happened to start NiFi as root for the initial run, those files might be owned by root still.

Also, are the authorizers.xml and login-identity-providers.xml identical between the nodes?

Next, are there any errors in the nifi-app.log regarding the users file?

These steps will hopefully identify the cause of the failed synchronization. If not, please provide more of these details to us for diagnosis.

Regards,
Isha

From: Bill Bauernschmidt <[email protected]>
Sent: Tuesday, 14 September 2021 23:48
To: [email protected]
Subject: Auth issues with cluster

I have installed a 2 node nifi cluster that is set up to authenticate via OIDC with our auth server. I am able to login successfully with my initial admin user on both nodes. This admin user exists in both nodes' users.xml files.

I then created a new user using the UI. Auth works fine for this user when one node is hit via the UI login but when the other node is hit it gives me an "Unknown user with identity" message. Looking at the users.xml files on the two nodes I see that the new user is in one node's file but not the other. This lines up with the node being hit during login and whether login is successful or not.

When adding a new user in the UI like this should it end up in both nodes' users.xml files and if so what should I look at to fix this in my cluster?

Thanks,
Bill
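
The cross-node comparison discussed in this thread, as an added example that is not part of the original messages: it lists identities present in one node's users.xml but missing from another, and flags configuration files whose content differs between nodes. The function names are hypothetical, the sample file contents are constructed, and the `<tenants>/<users>/<user identity="...">` layout is assumed to be the one written by NiFi's file-based user group provider.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed users.xml contents for two nodes (not taken from the thread).
# For real files, read them in binary mode: open(path, "rb").read()
NODE1 = b"""<tenants>
  <groups/>
  <users>
    <user identifier="11111111-0000-0000-0000-000000000001" identity="admin@example.org"/>
    <user identifier="11111111-0000-0000-0000-000000000002" identity="newuser@example.org"/>
  </users>
</tenants>"""
NODE2 = b"""<tenants>
  <groups/>
  <users>
    <user identifier="11111111-0000-0000-0000-000000000001" identity="admin@example.org"/>
  </users>
</tenants>"""


def identities(users_xml: bytes) -> set:
    """Return the identity attribute of every <user> element (assumed layout)."""
    root = ET.fromstring(users_xml)
    return {u.get("identity") for u in root.iter("user") if u.get("identity")}


def missing_per_node(copies: dict) -> dict:
    """Map node name -> identities known to some other node but absent here."""
    found = {node: identities(data) for node, data in copies.items()}
    union = set().union(*found.values())
    return {node: sorted(union - ids) for node, ids in found.items()}


def mismatched_files(copies: dict) -> list:
    """copies maps filename -> {node: bytes}; return names that differ across nodes."""
    differing = []
    for name, per_node in copies.items():
        digests = {hashlib.sha256(data).hexdigest() for data in per_node.values()}
        if len(digests) > 1:
            differing.append(name)
    return sorted(differing)


if __name__ == "__main__":
    print(missing_per_node({"node1": NODE1, "node2": NODE2}))
    print(mismatched_files({"users.xml": {"node1": NODE1, "node2": NODE2}}))
```

The same `mismatched_files` call can be given the bytes of authorizers.xml and login-identity-providers.xml from each node to check that they are identical.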
