Got it. Thank you very much once again, Bryan. After I get this working to prove I can using Ansible, then I intend to tackle securing it. It isn’t exposed right now, either: the Inbound Rules of my Security Group on my EC2 instance lock down access to 8443 and to 8080. For now, that works.
On Tue, Dec 13, 2022 at 3:00 PM Bryan Bende <[email protected]> wrote: > If you want no authN and no authZ then you can have empty > authorizers.xml and empty login-identity-providers.xml, just make sure > nifi.properties does not reference an authorizer id or identity > provider id. > > Keeping in mind that if you make it unsecure, hopefully your nifi > instance is not accessible from anywhere other than localhost. > > On Tue, Dec 13, 2022 at 2:04 PM James McMahon <[email protected]> > wrote: > > > > Thank you Bryan. I do have that declared in login-identity-providers.xml: > > [ec2-user@ip-172-31-73-197 conf]$ more login-identity-providers.xml > > <?xml version='1.0' encoding='UTF-8'?> > > <!-- ANSIBLE MANAGED FILE. DO NOT EDIT --> > > <loginIdentityProviders> > > <provider> > > > > <class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class> > > <identifier>single-user-provider</identifier> > > </provider> > > </loginIdentityProviders> > > > > I am not sure I can answer your question. I thought authorizers.xml, and > the other xml conf files were required. For my simplified use case, what is > the bare minimum configuration including in the authorizers.xml and > login-identity-providers.xml? > > > > I realize my use case is not a good long-term objective. But I want to > get a nifi instance running in a minimalist form, and then after I do that > tackle authorization, https, etc. > > > > On Tue, Dec 13, 2022 at 1:48 PM Bryan Bende <[email protected]> wrote: > >> > >> The SingleUserAuthorizer requires using the > >> SingleUserLoginIdentityProvider, do you have that declared in > >> login-identity-providers.xml? > >> > >> Also if you are trying to remove authentication/authorization and run > >> over http, then why declare the SingleUserAuthorizer at all? > >> > >> On Tue, Dec 13, 2022 at 1:43 PM James McMahon <[email protected]> > wrote: > >> > > >> > Hello. I am having difficulty getting nifi to start for a simple > single node configuration without user authentication. My goal is to get a > nifi instance running over http. I understood that there would be no user > authentication in such a case. Why then is my nifi instance failing to > start with these errors thrown for authorizers.xml (example of the errors > at bottom)? > >> > > >> > I have no FileUserGroupProvider or LdapUserGroupProvider to access > for user account information. I establish a user named nifi and group named > nifi at the time I run my playbook. > >> > > >> > Currently I have only this in my authorizers.xml file. > >> > <?xml version='1.0' encoding='UTF-8'?> > >> > <!-- ANSIBLE MANAGED FILE. DO NOT EDIT --> > >> > <authorizers> > >> > <authorizer> > >> > <identifier>single-user-authorizer</identifier> > >> > > <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class> > >> > </authorizer> > >> > </authorizers> > >> > I run my ansible playbook as user ec2-user, and the ansible role > establishes a user nifi. How must authorizers.xml be configured for such a > single-node nifi configuration? > >> > > >> > When I attempt to start nifi I get a series of errors like these in > nifi-app.log. I suspect my authorizers.xml is missing info. > >> > > >> > Caused by: > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration': > Unsatisfied dependency expressed through method 'setObjectPostProcessor' > parameter 0; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating > >> > bean with name > 'org.apache.nifi.web.security.configuration.AuthenticationSecurityConfiguration': > Unsatisfied dependency expressed through constructor parameter 2; nested > exception is org.springframe > >> > work.beans.factory.BeanCreationException: Error creating bean with > name 'authorizer': FactoryBean threw exception on object creation; nested > exception is java.lang.Exception: Unable to load the authorizer > configuration file at: /opt/nifi/releases/nifi-1.16.3/./conf/authorizers.xml >
