Thanks for the replies.  Sadly, a curl is working fine to the discovery URL 
from command line.
I thought it may be possible java/nifi is not able to access the necessary 
https proxy settings I have set in /etc/environment so I set the bootstrap.conf 
as below but it did not help.
...
java.arg.18=-Dhttp.proxyHost=proxy.host.svc.local
java.arg.19=-Dhttp.proxyPort=3128
java.arg.20=-Dhttps.proxyHost=proxy.host.svc.local
java.arg.21=-Dhttps.proxyPort=3128

________________________________
From: David Handermann <exceptionfact...@apache.org>
Sent: Friday, December 6, 2024 1:52 PM
To: users@nifi.apache.org <users@nifi.apache.org>
Subject: Re: Configuring NiFi for OIDC


Hi Alan,

Thanks for attaching the nifi-app.log, it contains the full stack
trace including the details of the error as follows:

Caused by: org.springframework.web.client.ResourceAccessException: I/O
error on GET request for
"https://oidc.stage.elogin.att.com/mga/sps/oauth/oauth20/metadata/ATTOIDC/.well-known/openid-configuration":
Connection reset by peer; nested exception is
java.net.SocketException: Connection reset by peer
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:717)
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:340)
    at org.apache.nifi.web.security.oidc.registration.StandardClientRegistrationProvider.getProviderMetadata(StandardClientRegistrationProvider.java:113)

The "SocketException: Connection reset by peer" indicates some kind of
networking problem between NiFi and the OpenID Connect provider. If
you are able to run curl to that URL from the NiFi instance itself,
that might be informative, but it appears that something is blocking
connectivity between NiFi and that system.

Regards,
David Handermann

On Fri, Dec 6, 2024 at 1:54 PM LAFLEUR, ALAN <al1...@att.com> wrote:
>
> Thanks David.  I'm attempting to add the app logs as an attachment.  Assuming 
> it works, is that the stacktrace you mentioned?
>
>
>
> ________________________________
> From: David Handermann <exceptionfact...@apache.org>
> Sent: Friday, December 6, 2024 9:01 AM
> To: users@nifi.apache.org <users@nifi.apache.org>
> Subject: Re: Configuring NiFi for OIDC
>
>
> Hi Alan,
>
> There should be a stack trace following the metadata URL retrieval
> error. That should provide additional details related to the error.
>
> Regards,
> David Handermann
>
> On Fri, Dec 6, 2024 at 10:16 AM LAFLEUR, ALAN <al1...@att.com> wrote:
> >
> > Hi All,
> > I'm fairly new to NiFi and have my Ubuntu instance running fine with single 
> > identity config.  However, I am now trying to configure NiFi for OIDC but 
> > when I start the nifi process it dies with the error below.  A curl shows 
> > that at least basic connectivity is working to the IDP.   Any ideas what 
> > could be causing this?  I can provide my nifi.properties and/or 
> > authorizers.xml if needed.
> > 2024-11-20 00:22:09,786 ERROR [main] o.s.web.context.ContextLoader Context initialization failed
> > org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChains' parameter 0;
> > nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityFilterChain' defined in org.apache.nifi.web.security.configuration.WebSecurityConfiguration: Unsatisfied dependency expressed through method 'securityFilterChain' parameter 7;
> > nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oAuth2LoginAuthenticationFilter' defined in org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean instantiation via factory method failed;
> > nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter]: Factory method 'oAuth2LoginAuthenticationFilter' threw exception;
> > nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean instantiation via factory method failed;
> > nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception;
> > nested exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: OpenID Connect Metadata URL [https://oidc.stage.elogin.att.com/mga/sps/oauth/oauth20/metadata/ATTOIDC/.well-known/openid-configur...] retrieval failed
> > Thanks for any assistance you can provide,
> > Alan LaFleur
> >

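Added example, not part of the original thread or of NiFi: a shell check for the situation discussed above, where curl reaches the discovery URL but the NiFi JVM does not. It compares the proxy curl inherits from an /etc/environment-style file with the `-Dhttps.proxy*` values in bootstrap.conf and lists reused `java.arg.N` numbers. The function names and sample file contents are constructed for illustration, and it assumes bootstrap.conf is read as a Java properties file.

```bash
#!/usr/bin/env bash
# Added example. Assumes /etc/environment sets https_proxy and that
# bootstrap.conf is read as a Java properties file (a repeated key keeps one value).

# host:port of the https_proxy / HTTPS_PROXY entry in an environment file.
env_https_proxy() {
  sed -n -E 's/^(export[[:space:]]+)?(https_proxy|HTTPS_PROXY)="?([^"]*)"?[[:space:]]*$/\3/p' "$1" |
    tail -n 1 | sed -E 's#^[a-zA-Z]+://##; s#^[^@/]*@##; s#/.*$##'
}

# host:port the JVM gets from -Dhttps.proxyHost / -Dhttps.proxyPort.
# Java falls back to port 443 when https.proxyPort is not set.
jvm_https_proxy() (
  host=$(sed -n -E 's/^java\.arg\.[^=]+=-Dhttps\.proxyHost=(.*)$/\1/p' "$1" | tail -n 1)
  port=$(sed -n -E 's/^java\.arg\.[^=]+=-Dhttps\.proxyPort=(.*)$/\1/p' "$1" | tail -n 1)
  if [ -n "$host" ]; then printf '%s:%s\n' "$host" "${port:-443}"; fi
)

# java.arg.N keys that occur more than once; added lines must use unused numbers.
duplicate_java_args() {
  sed -n -E 's/^(java\.arg\.[^=[:space:]]+)[[:space:]]*=.*/\1/p' "$1" | sort | uniq -d
}

# Compare the proxy curl inherits with the proxy handed to the JVM.
compare_proxy() (   # $1 = environment file, $2 = bootstrap.conf
  e=$(env_https_proxy "$1"); j=$(jvm_https_proxy "$2")
  if [ -z "$e" ]; then echo "no-env-proxy"
  elif [ -z "$j" ]; then echo "jvm-proxy-missing"
  elif [ "$e" = "$j" ]; then echo "match $j"
  else echo "mismatch env=$e jvm=$j"; fi
)

# Constructed sample files (not the poster's real configuration).
demo_dir=$(mktemp -d)
cat > "$demo_dir/environment" <<'EOF'
https_proxy="http://proxy.host.svc.local:3128/"
EOF
cat > "$demo_dir/bootstrap.conf" <<'EOF'
java.arg.18=-Dexample.existing.setting=true
java.arg.18=-Dhttp.proxyHost=proxy.host.svc.local
java.arg.19=-Dhttp.proxyPort=3128
java.arg.20=-Dhttps.proxyHost=proxy.host.svc.local
java.arg.21=-Dhttps.proxyPort=3128
EOF
compare_proxy "$demo_dir/environment" "$demo_dir/bootstrap.conf"
echo "duplicate keys: $(duplicate_java_args "$demo_dir/bootstrap.conf")"
```

On a real host, pass `/etc/environment` and the instance's `conf/bootstrap.conf` to `compare_proxy` in place of the sample files.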