Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDF 3.4 NIFI & NIFI Registry Integration (secured)

Solved Go to solution
Highlighted

HDF 3.4 NIFI & NIFI Registry Integration (secured)

Contributor

@MattWho please let me know what is missing 

 

HDF 3.4 NIFI & NIFI Registry Integration (secured)

 

2 node (nifi1.abc.com, nifi2.abc.com) nifi cluster is secured 

1 node (registry.abc.com) nifi registry is secured 

 

generated client certs / server certs for nifi & registtry as below 

 

sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B passwd-C 'CN=nifiadmin, OU=NIFI' -n 'nifi1.abc.com,nifi2.abc.com,registry.abc.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_ssl/ -K passwd -P passwd-S passwd

 

able to access registry with client cert (CN=nifiadmin, OU=NIFI)

able to access nifi cluster with client cert (CN=nifiadmin, OU=NIFI)

 

created a bucket in the registry 

Added Registry to nifi, but when versioning a processor group getting the below error 

 

 

2020-03-27 19:31:22,367 INFO [NiFi Registry Web Server-19] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi1.abc.com, OU=NIFI]. Returning 403 response.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: HDF 3.4 NIFI & NIFI Registry Integration (secured)

Master Guru

@venkii 

 

You need to login to your secured NiFi-Registry and make sure all your NiFi nodes have been authorized for both the following "Special Privileges":

1. "Read" for "Can Manage Buckets"
2. "Can proxy user requests"

 

Click on wrench icon in upper right corner to manage your users in NiFi-Registry.
Screen Shot 2020-03-30 at 4.17.30 PM.png
Then find your NiFi nodes in the list of USERS and click on the "manage user" pencil icon to the far right side.
Screen Shot 2020-03-30 at 4.17.16 PM.png

 

Hope this helps,

Matt

View solution in original post

4 REPLIES 4

Re: HDF 3.4 NIFI & NIFI Registry Integration (secured)

Contributor

@MattWho i have added both nifi nodes identities, still same error 

 

2020-03-28 03:01:45,150 INFO [NiFi Registry Web Server-12] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi-node1, OU=NIFI]. Returning 403 response.

 


 

Reg_error.JPG

 

Highlighted

Re: HDF 3.4 NIFI & NIFI Registry Integration (secured)

Contributor

@MattWho 

I am able to add the SSL registry to nifi [nifi controller settings -> Registry Clients -> added registry URL ]

but when i am trying to version a PG, encountering the below error, screenshot attached

 

please advice 

 

venkii_0-1585595247589.png

 

Highlighted

Re: HDF 3.4 NIFI & NIFI Registry Integration (secured)

Master Guru

@venkii 

 

You need to login to your secured NiFi-Registry and make sure all your NiFi nodes have been authorized for both the following "Special Privileges":

1. "Read" for "Can Manage Buckets"
2. "Can proxy user requests"

 

Click on wrench icon in upper right corner to manage your users in NiFi-Registry.
Screen Shot 2020-03-30 at 4.17.30 PM.png
Then find your NiFi nodes in the list of USERS and click on the "manage user" pencil icon to the far right side.
Screen Shot 2020-03-30 at 4.17.16 PM.png

 

Hope this helps,

Matt

View solution in original post

Highlighted

Re: HDF 3.4 NIFI & NIFI Registry Integration (secured)

Contributor

Yes @MattWho, you are awesome, adding the node resolved the issue

Don't have an account?
Coming from Hortonworks? Activate your account here