nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ganesh, B (Nokia - IN/Bangalore)" <b.gan...@nokia.com>
Subject RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Date Fri, 17 Apr 2020 17:48:01 GMT
Hi ,
 
In the file login-identity-providers.xml configuration is mentioned below , but in case of
Nifi  1.9.2 also it is configured as same .

<provider>
        <identifier>kerberos-provider</identifier>
        <class>org.apache.nifi.kerberos.KerberosProvider</class>
        <property name="Default Realm">NIFI.COM</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>


And below is the complete back trace of the issue . 

er java.lang.IllegalArgumentException: The supplied username and password are not valid.}.
Returning Bad Request} response."}
java.lang.IllegalArgumentException: The supplied username and password are not valid.
        at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
        at 
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
        at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
       
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos
authentication failed
        at org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125)
        at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315)
        at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729)
        ... 84 common frames omitted
Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication
failed
        at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
        at org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40)
        at org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117)
        ... 86 common frames omitted
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
        at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
        at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
        at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
        at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
        at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
        at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
        at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:59)
        ... 88 common frames omitted
Caused by: sun.security.krb5.KrbException: Cannot locate KDC
        at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:218)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
        at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:343)
        at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:447)
        at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
        ... 96 common frames omitted
Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable
to locate KDC for realm NIFI.COM
        at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
        at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
        ... 101 common frames omitted


Thanks & Regards,
Ganesh.B
-----Original Message-----
From: Bryan Bende <bbende@gmail.com> 
Sent: Friday, April 17, 2020 8:53 PM
To: dev@nifi.apache.org
Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4

Check your Default Realm in login-identity-providers.xml

On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks <sweeks@weeksconsulting.us>
wrote:

> For some reason NiFi is trying to use the realm NIFI.COM. I'd search 
> through your config files and your Kerberos Credential Service and see 
> where that's coming from.
>
> Thanks
>
> ´╗┐On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" < 
> b.ganesh@nokia.com> wrote:
>
>     Hi ,
>
>     no ,
>     default_realm = NOKIA.COM
>
>
>
>     -----Original Message-----
>     From: Shawn Weeks <sweeks@weeksconsulting.us>
>     Sent: Friday, April 17, 2020 5:43 PM
>     To: dev@nifi.apache.org
>     Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
>
>     Can you verify that your KDC Realm is really NIFI.COM and that 
> it's defined in /etc/krb5.conf?
>
>     Thanks
>     Shawn
>
>     On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" < 
> b.ganesh@nokia.com> wrote:
>
>         Hi ,
>
>         I am facing issue with Nifi 1.11.4  in Kerberos mode  , 
> whereas nifi 1.9.2 not seeing this issue .
>         I am using kdc version as 2.2.5
>
>         Can anybody help me on this ?
>
>         REST call to 
> 'https://10.75.156.102:30088/nifi-api/flow/client-id
> is failed with below error
>
>         java.lang.IllegalArgumentException: The supplied username and 
> password are not valid.}. Returning Bad Request} response."}
>         java.lang.IllegalArgumentException: The supplied username and 
> password are not valid.
>                 at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
>                 at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>                 at java.base/java.lang.Thread.run(Thread.java:834)
>         Caused by:
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> Kerberos authentication failed
>                 ... 84 common frames omitted
>         Caused by:
> org.springframework.security.authentication.BadCredentialsException:
> Kerberos authentication failed
>                 at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
>                 ... 86 common frames omitted
>         Caused by: javax.security.auth.login.LoginException: Cannot 
> locate KDC
>                 at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
>         .java:59)
>                 ... 88 common frames omitted
>         Caused by: sun.security.krb5.KrbException: Cannot locate KDC
>                 at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:125
> 9)
>
>                 at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
>                 ... 96 common frames omitted
>         Caused by: sun.security.krb5.KrbException: Generic error 
> (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
>                 at
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
>                 at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
>                 ... 101 common frames omitted
>
>
>
>
>
>
>
>
Mime
View raw message