nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Howell <scotthow...@mobilgov.com>
Subject Re: Getting Untrusted Proxy when logging into cluster
Date Fri, 30 Mar 2018 14:50:42 GMT
Here is my authorizations.xml 

<authorizations>
    <policies>
        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components"
action="W">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies"
action="R">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies"
action="W">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller"
action="R">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller"
action="W">
            <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
        </policy>
        <policy identifier="287edf48-da72-359b-8f61-da5d4c45a270" resource="/proxy" action="W">
            <user identifier="20f01804-bad9-3baf-9ebb-5846ae8e7425"/>
            <user identifier="ce02b3e3-68ff-3bc1-9001-6a66b26db1f9"/>
            <user identifier="c0ae0a6d-d80a-39ce-aa5e-b519066ffefe"/>
        </policy>
    </policies>
</authorizations>

> On Mar 30, 2018, at 9:48 AM, Pierre Villard <pierre.villard.fr@gmail.com> wrote:
> 
> Hi Scott,
> 
> Can you have a look at the authorizations.xml file? (and share the content of it to confirm
that node users are given the proxy authorizations?)
> 
> Thanks!
> 
> 2018-03-30 16:15 GMT+02:00 Scott Howell <scotthowell@mobilgov.com <mailto:scotthowell@mobilgov.com>>:
> I am nearing the finish line of setting up a cluster using a self-signed cert. 
> 
> When trying to login to the cluster after the cluster comes up I am able to see in the
logs that my initial admin user is able to login. 
> 
> Once that takes place I get an “Untrusted proxy” error on both the UI and in the
nifi-user.log.
> 
> This is what I see in the UI: Untrusted proxy CN="nifi-2.dev.{redacted}.com, OU=Nifi”
> 
> In my authorizers.xml I have this:
> <authorizers>
>   <authorizer>
>     <identifier>file-provider</identifier>
>     <class>org.apache.nifi.authorization.FileAuthorizer</class>
>     <property name="Authorizations File">/opt/config/authorizations.xml</property>
>     <property name="Users File">/opt/config/users.xml</property>
>     <property name="Initial Admin Identity">uid=scott,ou=users,dc={redacted},dc=com</property>
>     <property name="Legacy Authorized Users File"></property>
> 
>     <property name="Node Identity 1">CN=nifi-1.dev.{redacted}.com, OU=Nifi</property>
>     <property name="Node Identity 2">CN=nifi-2.dev.{redacted}.com, OU=Nifi</property>
>     <property name="Node Identity 3">CN=nifi-3.dev.{redacted}.com, OU=Nifi</property>
>   </authorizer>
> </authorizers>
> 
> On the nodes I am seeing this in my  user.xml
> <tenants>
>     <groups/>
>     <users>
>         <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53" identity="uid=scott,ou=users,dc={redacted},dc=com"/>
>         <user identifier="20f01804-bad9-3baf-9ebb-5846ae8e7425" identity="CN=nifi-1.dev.{redacted}.com,
OU=Nifi"/>
>         <user identifier="ce02b3e3-68ff-3bc1-9001-6a66b26db1f9" identity="CN=nifi-2.dev.{redacted}.com,
OU=Nifi"/>
>         <user identifier="c0ae0a6d-d80a-39ce-aa5e-b519066ffefe" identity="CN=nifi-3.dev.{redacted}.com,
OU=Nifi"/>
>     </users>
> </tenants>
> 
> I believe the issue is with where the “ is in my error "Untrusted proxy CN="nifi-2.dev.mobilgov.com
<http://nifi-2.dev.mobilgov.com/>, OU=Nifi”” but I am not able to figure out where
that quotation is coming from because I can’t find it in anywhere.
> 
> Was wondering if anyone has had issues with this before.
> 
> Scott
> 


Mime
View raw message