My ./config/authorizers.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizers>
<userGroupProvider>
<identifier>file-user-group-provider</identifier>
<class>org.apache.nifi.authorization.FileUserGroupProvider</class>
<property name="Users File">./conf/users.xml</property>
<property name="Initial User Identity 1">CN=My
Name,OU=MyOU,DC=MyDomain</property>
</userGroupProvider>
<accessPolicyProvider>
<identifier>file-access-policy-provider</identifier>
<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
<property name="User Group Provider">file-user-group-provider</property>
<property name="Authorizations
File">./conf/authorizations.xml</property>
<property name="Initial Admin Identity">CN=My
Name,OU=MyOU,DC=MyDomain</property>
<property name="Node Identity 1"></property>
<property name="Node Group"></property>
</accessPolicyProvider>
<authorizer>
<identifier>managed-authorizer</identifier>
<class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
<property name="Access Policy
Provider">file-access-policy-provider</property>
</authorizer>
</authorizers>
From: Alexei Rozenvaser <[email protected]>
Sent: Thursday, February 22, 2024 2:59 PM
To: [email protected]
Subject: Insufficient Permissions - Unable to view the user interface - at WebUI
Hi Everyone
I have a brand new installation of NiFi 2.0.
I configured LDAP user authentication.
I have my AD DN defined as both "Initial User Identity 1" and "Initial Admin
Identity" in authorizers.xml
1. Now I can launch the NiFi server successfully.
2. I can successfully log in to NiFi's webUI with my AD user
3. But I get: "Insufficient Permissions" - "Unable to view the user
interface." at WebUI
4. There is an AccessDeniedExeptionMapper identity [cn=My
Name,ou=MyOU,DC=MyDC], group[] does not have permission to access the requested
resource. Unable to view the user interface. Returning Forbidden response.
entry at nifi-user.log
If I understand the situation correctly I can pass the authentication phase but
my user wasn't authorized for UI access?
What should I check first?