https://community.cloudera.com/t5/Support-Questions/Getting-quot-No-applicable-policies-could-be-found-Contact/m-p/202329#M164335 <P>Based on all this info, it sounds like you have an identity mapping setup that maps your certificate identity like "CN=myuser, OU=xyz" to just "myuser". You can setup another identity mapping to handle kerberos identities...</P><P>Something like this would map "myuser@myrealm" to "myuser"</P><P># nifi.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$<BR /># nifi.security.identity.mapping.value.kerb=$1</P> Sat, 20 Jan 2018 04:18:21 GMT bbende 2018-01-20T04:18:21Z