Thanks David, I know it's not going to be easy to resolve my issue. I'll change the log level as you suggested and test again.

Have a nice and happy weekend.

Regards,
DongCheol Gong

On Fri, Mar 1, 2024 at 10:36 AM David Handermann <[email protected]> wrote:

> Thanks for providing some background on the issue with SAML configuration.
>
> The following post describes the steps required for configuring NiFi to
> integrate with Okta, including example configuration settings:
>
> https://exceptionfactory.com/posts/2022/11/30/integrating-apache-nifi-with-okta-saml-authentication/
>
> It is difficult to determine the problem based on the logs provided. As a
> next step, enabling debug logging for the org.springframework.security
> logger should provide additional details about the SAML handshake process.
>
> Regards,
> David Handermann
>
> On Wed, Feb 28, 2024 at 9:25 PM DC Gong <[email protected]> wrote:
>
>> Hi,
>> I'm trying to get an Okta SAML integration for NiFi.
>> I set up nifi.properties using the information provided by Okta.
>> The domain information is dummy for security reasons.
>> I set up the entityId and ACS information in Okta correctly.
>>
>> <nifi.properties>
>>
>> nifi.security.user.saml.idp.metadata.url=https://okta-site.com/nifi/okta-saml/metadata.xml
>> nifi.security.user.saml.sp.entity.id=mysite-entity-id
>> nifi.security.user.saml.identity.attribute.name=
>> nifi.security.user.saml.group.attribute.name=
>> nifi.security.user.saml.request.signing.enabled=false
>> nifi.security.user.saml.want.assertions.signed=true
>> nifi.security.user.saml.signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>> nifi.security.user.saml.authentication.expiration=12 hours
>> nifi.security.user.saml.single.logout.enabled=false
>> nifi.security.user.saml.http.client.truststore.strategy=JDK
>> nifi.security.user.saml.http.client.connect.timeout=30 secs
>> nifi.security.user.saml.http.client.read.timeout=30 secs
>>
>> But I'm getting a 401 error in the ACS (/nifi-api/access/saml/login/consumer)
>> when processing the SAML Assertion after SAML authentication from Okta.
>> The payload SAMLResponse delivered to the ACS after Okta login contains user
>> information as expected.
>> Is there anything else I should look at to resolve this error?
>>
>> And I received one cert file from Okta, how am I supposed to use this?
>> The metadata.xml file provided by Okta also contained the contents of
>> that certificate.
>>
>> I'll also add the nifi-user.log trace information.
>>
>> 2024-02-29 01:50:52,689 DEBUG [NiFi Web Server-110] o.a.n.w.s.c.StandardApplicationCookieService Added Session Cookie [__Secure-Request-Token] URI [https://my-site.com:443]
>> 2024-02-29 01:50:52,689 DEBUG [NiFi Web Server-110] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null]
>> 2024-02-29 01:50:52,689 DEBUG [NiFi Web Server-110] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request.
>> 2024-02-29 01:50:52,689 TRACE [NiFi Web Server-110] o.a.n.w.s.j.r.StandardBearerTokenResolver Bearer Token not found in Header or Cookie
>> 2024-02-29 01:50:52,694 DEBUG [NiFi Web Server-110] o.a.n.w.s.c.StandardApplicationCookieService Removed Cookie [__Secure-SAML-Request-Identifier] URI [https://my-site.com:443]
>>
>> [image: Screenshot 2024-02-29 at 1.42.52 AM.png]
>>
>> Have a nice day :)
>>
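As an added example (not code from this thread, from NiFi or from Okta), the following Python script base64-decodes a SAMLResponse as posted to an ACS endpoint and reports the fields a service provider typically checks before accepting the assertion: the StatusCode, the Destination against the ACS URL, the AudienceRestriction against the SP entity ID configured as nifi.security.user.saml.sp.entity.id, the Conditions validity window, and whether the Assertion element carries a ds:Signature (the property NiFi is given above is want.assertions.signed=true). The embedded response, its issuer, audience value and attribute name are constructed for the example and deliberately contain two mismatches; the script checks only the presence of a signature, not its cryptographic validity, and does not reproduce NiFi's or Spring Security's own validation logic.

```python
"""Offline checks on a SAMLResponse posted to an SP's ACS endpoint.

Added example for this thread (not NiFi or Okta code). It decodes the
base64 SAMLResponse form field and reports the fields an SP typically
validates before accepting an assertion. Signature cryptography is not
verified; only the presence of ds:Signature is reported.
"""
import base64
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def parse_saml_time(value):
    """Parse a SAML xs:dateTime in UTC (optional fractional seconds) into an aware datetime."""
    base = value.split(".")[0].rstrip("Z")
    return dt.datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=dt.timezone.utc)


def inspect_saml_response(saml_response_b64, expected_acs, expected_audience,
                          now=None, skew_seconds=60, require_signed_assertion=True):
    """Return {'ok', 'problems', 'name_id', 'attributes'} for a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    now = now or dt.datetime.now(dt.timezone.utc)
    skew = dt.timedelta(seconds=skew_seconds)
    problems = []

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    status_value = status.get("Value") if status is not None else None
    if status_value != STATUS_SUCCESS:
        problems.append(f"StatusCode {status_value!r} is not Success")

    # Destination must be exactly the ACS URL registered at the IdP.
    if root.get("Destination") != expected_acs:
        problems.append(f"Destination {root.get('Destination')!r} != ACS {expected_acs!r}")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plain saml:Assertion (missing or EncryptedAssertion)")
        return {"ok": False, "problems": problems, "name_id": None, "attributes": {}}

    # Presence check only; an SP with want.assertions.signed also verifies the XML signature.
    if require_signed_assertion and assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")

    # AudienceRestriction must name the SP entity ID the SP was configured with.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"Audience {audiences} does not include SP entity ID {expected_audience!r}")

    # Validity window, with a small allowance for clock skew between IdP and SP.
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before, not_on_or_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
        if not_before and now + skew < parse_saml_time(not_before):
            problems.append(f"assertion not yet valid (NotBefore={not_before})")
        if not_on_or_after and now - skew >= parse_saml_time(not_on_or_after):
            problems.append(f"assertion expired (NotOnOrAfter={not_on_or_after})")

    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attributes = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return {"ok": not problems, "problems": problems, "name_id": name_id, "attributes": attributes}


# Constructed sample (not a real Okta response): unsigned, and its Audience
# is a URL rather than the SP entity ID "mysite-entity-id" from the thread.
SAMPLE_ACS = "https://my-site.com/nifi-api/access/saml/login/consumer"
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-02-29T01:50:00Z" Destination="{SAMPLE_ACS}">
  <saml:Issuer>https://okta-site.com/nifi/okta-saml</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-02-29T01:50:00Z">
    <saml:Issuer>https://okta-site.com/nifi/okta-saml</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-02-29T01:45:00Z" NotOnOrAfter="2024-02-29T01:55:00Z">
      <saml:AudienceRestriction><saml:Audience>https://my-site.com/nifi</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

if __name__ == "__main__":
    # Replace SAMPLE_RESPONSE_B64 with the SAMLResponse form field captured from the POST.
    report = inspect_saml_response(SAMPLE_RESPONSE_B64, SAMPLE_ACS, "mysite-entity-id",
                                   now=parse_saml_time("2024-02-29T01:50:52Z"))
    print("NameID:", report["name_id"], "attributes:", report["attributes"])
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Run it against the real value by copying the SAMLResponse field from the browser's form POST to the consumer endpoint; a Destination or Audience mismatch, an expired window, or a missing Assertion signature are each reasons an SP would reject the response before any user lookup happens, which is consistent with a 401 while the user attributes still look correct in the payload.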
