question Re: Setting User Login for my Apache NiFi in Support Questions

Setting User Login for my Apache NiFi

MvZ — Tue, 20 Feb 2024 06:32:24 GMT

I'm just installing Apache Nifi on linux server with version 1.25 .

this is my nifi.properties :

#nifi.security=none #nifi.security.autoreload.enabled=false #nifi.security.autoreload.interval=10 secs #nifi.security.keystore= #nifi.security.keystoreType=PKCS12 #nifi.security.keystorePasswd= #nifi.security.keyPasswd= #nifi.security.truststore= #nifi.security.truststoreType=PKCS12 #nifi.security.truststorePasswd= #nifi.security.user.authorizer= nifi.security.allow.anonymous.authentication=false nifi.security.user.login.identity.provider=file-login-provider #nifi.security.user.jws.key.rotation.period=PT1H #nifi.security.ocsp.responder.url= #nifi.security.ocsp.responder.certificate=

this is my users.xml :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <tenants> <users>  <user identifier="ronald"> <identity>ronald</identity>  <credential>wyojiYY_R6FGaU-XZKg5K9Mai1NlZXizt_-KGyWsHBs=</credential> </user> </users> <groups>  </groups> <policies>  </policies> </tenants>

and this is my authorizers.xml :

... <policies>  <policy identifier="ronald_policy"> <resource>/flow</resource> <action>read</action> <action>write</action> <action>delete</action> <user>ronald</user> </policy> </policies> </authorizers>

I still got an error when starting the app :

Caused by: java.lang.Exception: The specified login identity provider 'file-login-provider' could not be found. at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean.getObject(LoginIdentityProviderFactoryBean.java:131) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:169) ... 72 common frames omitted 2024-02-20 13:18:04,241 INFO [Thread-0] org.apache.nifi.NiFi Application Server shutdown started

Re: Setting User Login for my Apache NiFi

VidyaSargur — Tue, 20 Feb 2024 08:35:17 GMT

@MvZ, Welcome to our community! To help you get the best possible answer, I have tagged our NiFi experts @MattWho @SAMSAL @cotopaul @TimothySpann who may be able to assist you further.

Please feel free to provide any additional information or details about your query, and we hope that you will find a satisfactory solution to your question.

Re: Setting User Login for my Apache NiFi

TimothySpann — Tue, 20 Feb 2024 13:55:09 GMT

file-login-provider is no longer a thing, maybe do single user

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication

https://community.cloudera.com/t5/Support-Questions/Apache-NiFi-user-authentication-creation-of-multiple-users/m-p/378285

nifi.security.user.login.identity.provider=single-user-provider

Re: Setting User Login for my Apache NiFi

MattWho — Mon, 04 Mar 2024 16:09:35 GMT

@MvZ

The "file-login-provider" login identity-provider has never existed in any out-of-the-box release of Apache NiFi.

If you have created or downloaded some custom implementation of this provider. You would need to consult with that author in getting it to work.
Where did you obtain this provider from and what process did you follow to add it to your NiFi installation?

The exception you have shared simply tells you that during startup NiFi is loading the nifi.properties file and the property "nifi.security.user.login.identity.provider" is configured with "file-login-provider"; however, when NiFi parsed the login-identity-providers.xml configuration file, no provider with:

<identifier>file-login-provider</identifier>

was found in that configuration file.

I can't provide any guidance on this provider as I was unable to find anything online about what I am expecting is a custom add-on provider.

The out-of-the-box available authentication providers are found in the NiFi documentation here:
Apache NiFi 1.2x versions: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
Apache NiFi 2.x versions: https://nifi.apache.org/documentation/nifi-2.0.0-M1/html/administration-guide.html#user_authentication

NiFi Authentication and Authorization are two different configurations and independent configurations.
Once you have chosen how you want to handle user authentication, you then move on to setting up user authorization:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization.

For file based authorization, NiFi offers two providers:
1. Older deprecated FileAuthorizer
2. The current StandardManagedAuthorizer

These providers are configured in the NiFi authorizers.xml file. No direct useer policies get defined in the authorizers.xml file. The FileAuthorizer or the FileAccessPolicyProvider referenced by the StandardManagedAuthorizer will generate the initial authorizations.xml file with the initial admin user configured in the provider chosen. You would not typically manually generate or manipulate this file. Instead you would acces your NiFi's UI using that initial admin and define additional user authorizations directly via the NiFi UI.

Here is an example of what you would have in your authorizers.xml if using the StandardManagedAuthorizer:

<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">ronald</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">ronald</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt