Untrusted proxy CN=rang2, OU=NIFI

asakariayisa — Mon, 21 May 2018 19:14:29 GMT

I am getting error Untrusted proxy CN=rang2, OU=NIFI while trying to log into NiFi UI .

Follow this page I enable SSL for Nifi ,but meet one mistake as he say and can't solve it by myself.

https://community.hortonworks.com/articles/58009/hdf-20-enable-ssl-for-apache-nifi-from-ambari.html

In Ambari UI, I've set Node Identities in Advanced nifi-ambari-ssl-config:

<!-- Provide the identity (typically a DN) of each node when clustered (see tool tip for detailed description of Node Identity). Must be specified when Ranger Nifi plugin will not be used for authorization. -->

<property name="Node Identity 1">CN=rang2, OU=NIFI</property>

And in authorizers.xml, it seems to work:

        <authorizer>
        <identifier>ranger-provider</identifier>


        <class>org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer</class>
        <property name="Ranger Audit Config Path">/usr/hdf/current/nifi/conf/ranger-nifi-audit.xml</property>
        <property name="Ranger Security Config Path">/usr/hdf/current/nifi/conf/ranger-nifi-security.xml</property>
        <property name="Ranger Service Type">nifi</property>
        <property name="Ranger Application Id">nifi</property>
        <property name="Ranger Admin Identity">CN=mytest, OU=NIFI</property>


        <property name="Ranger Kerberos Enabled">true</property>








<!-- Provide the identity (typically a DN) of each node when clustered (see tool tip for detailed description of Node Identity). Must be specified when Ranger Nifi plugin will not be used for authorization. -->


<property name="Node Identity 1">CN=rang2, OU=NIFI</property>


        </authorizer>
        </authorizers>

But this error happened when I set policies by Ranger UI and try to login nifi. Any suggestions?

Re: Untrusted proxy CN=rang2, OU=NIFI

MattWho — Tue, 22 May 2018 02:30:31 GMT

@wang ling

The "<propertyname="Node Identity 1">CN=rang2, OU=NIFI</property>" property in the authorizers.xml is only used when using NiFi's default file based authorization provider. It does not apply when using Ranger as your authorization provider.

In Ranger, you will need to make sure the user "CN=rang2, OU=NIFI" exists and has been give access to the "/proxy" NiFi Resource Identifier.

Thank you,

Matt

If you found this answer addressed your question, please take moment to login and click "accept" below the answer.

Re: Untrusted proxy CN=rang2, OU=NIFI

asakariayisa — Tue, 22 May 2018 09:00:21 GMT

Thanks, followed your advice I've solved this problem. I didn't realize that nifi host should also authoried by Ranger.

question Re: Untrusted proxy CN=rang2, OU=NIFI in Archives of Support Questions (Read Only)

Untrusted proxy CN=rang2, OU=NIFI

Re: Untrusted proxy CN=rang2, OU=NIFI

Re: Untrusted proxy CN=rang2, OU=NIFI