
Error: "Not authorized for the requested resource. Contact the system administrator" while testing connection for Ranger with NiFi

Hi All,

We have installed NiFi in an HDP cluster with security enabled, i.e. SSL enabled and integrated with LDAP.

Now we are working on Ranger integration with NiFi. We created a policy for NiFi in Ranger, but while testing we are getting an error.

When we tried from the server using a curl command, we got an error.

Command we are running: curl -k -X GET 'https://<hostname>:9995/nifi-api/resources'

ERROR: Not authorized for the requested resource. Contact the system administrator

2 REPLIES

Master Guru

@murthy kurra

Your curl command is not passing any user info for authorization in it.

If you extract your certificate from the keystore set up in Ranger, your curl command would look something like:

curl -kv --cert <client user>:<cert password> https://<hostname>:9995/nifi-api/resources

I am assuming you have set up NiFi in your Ranger "Service Manager". The "Config properties:" for that service in Ranger requires you to provide a NiFi URL, keystore, truststore, etc.

When you click "Test Connection", I am guessing you are getting a not authorized response?

So the client certificate from the supplied keystore is being sent to NiFi for authentication. If NiFi mutual trust (NiFi trusts client cert and Ranger trusts NiFi server cert) is successful, NiFi then tries to communicate with Ranger to verify if that "client user" is authorized to access the /nifi-api/resources endpoint.

You should have a Ranger Policy within the NiFi service that grants the "client user" here "read" permissions to the "/resources" NiFi Resource Identifier.

Note that with a NiFi cluster, all the NiFi nodes will need to be authorized as well for the "/proxy" NiFi Resource Identifier.

Hope this helps,

thanks,

Matt
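
The certificate extraction described in the answer above, as an added example that is not part of the original reply: it splits a PKCS12 client keystore into PEM files for curl and prints the certificate's subject DN, which is the name to compare against the user in the Ranger policy. File names, the password and the CA file are placeholders, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. All paths and passwords are
# placeholders. A JKS keystore has to be converted to PKCS12 first, e.g.:
#   keytool -importkeystore -srckeystore ks.jks \
#           -destkeystore ks.p12 -deststoretype PKCS12

# p12_to_pem <keystore.p12> <password> <out-dir>
# Writes <out-dir>/client.crt and <out-dir>/client.key.
p12_to_pem() {
    p12=$1; pass=$2; out=$3
    mkdir -p "$out" || return 1
    # Client certificate only: no CA chain, no private key.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys \
        -out "$out/client.crt" || return 1
    # Private key, unencrypted so curl does not prompt; created owner-only.
    ( umask 077
      openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
          -out "$out/client.key" ) || return 1
}

# cert_subject <client.crt>
# Prints the subject DN (RFC 2253 form). NiFi takes a certificate client's
# identity from this DN; the exact string NiFi uses (spacing, identity
# mapping) is shown in nifi-user.log and is what the policy must name.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# nifi_resources_status <hostname> <out-dir> <nifi-ca.pem>
# Calls the endpoint from the question with the client certificate and
# prints only the HTTP status code. --cacert verifies the NiFi server
# certificate instead of skipping verification with -k.
nifi_resources_status() {
    curl -s -o /dev/null -w '%{http_code}\n' \
        --cert "$2/client.crt" --key "$2/client.key" --cacert "$3" \
        "https://$1:9995/nifi-api/resources"
}
```

Delete the unencrypted client.key once the test is done, since it is the same key Ranger uses to authenticate to NiFi.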

Contributor

@murthy kurra,

I am also experiencing the same issue. Please let me know how you resolved this issue.

Thanks in advance.
