HDF 3.4 NIFI & NIFI Registry Integration (secured)

Contributor

@MattWho please let me know what is missing 

 


2 node (nifi1.abc.com, nifi2.abc.com) nifi cluster is secured 

1 node (registry.abc.com) nifi registry is secured 

 

generated client certs / server certs for nifi & registry as below

sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B passwd -C 'CN=nifiadmin, OU=NIFI' -n 'nifi1.abc.com,nifi2.abc.com,registry.abc.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_ssl/ -K passwd -P passwd -S passwd

 

able to access registry with client cert (CN=nifiadmin, OU=NIFI)

able to access nifi cluster with client cert (CN=nifiadmin, OU=NIFI)

 

created a bucket in the registry 

Added Registry to nifi, but when versioning a processor group getting the below error 

 

 

2020-03-27 19:31:22,367 INFO [NiFi Registry Web Server-19] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi1.abc.com, OU=NIFI]. Returning 403 response.

 

1 ACCEPTED SOLUTION

Master Mentor

@venkii 

 

You need to login to your secured NiFi-Registry and make sure all your NiFi nodes have been authorized for both the following "Special Privileges":

1. "Read" for "Can Manage Buckets"
2. "Can proxy user requests"

 

Click on wrench icon in upper right corner to manage your users in NiFi-Registry.
Then find your NiFi nodes in the list of USERS and click on the "manage user" pencil icon to the far right side.

 

Hope this helps,

Matt
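
A log check for the rejection discussed in this thread, added here as an example (not part of the original posts and not NiFi project code): it pulls each rejected DN out of the UntrustedProxyException lines and compares it with the identities granted "Can proxy user requests". The user list is constructed, and exact-string identity comparison is an assumption.

```python
import re
from collections import Counter

# Message NiFi Registry logs when it rejects a proxying identity (format as quoted in this thread).
UNTRUSTED = re.compile(r"UntrustedProxyException: Untrusted proxy \[(?P<dn>[^\]]+)\]")

def untrusted_proxies(log_lines):
    """Count rejected proxy identities, keeping each DN exactly as logged."""
    return Counter(m.group("dn") for line in log_lines if (m := UNTRUSTED.search(line)))

def normalize(dn):
    """Loose form used only to spot near misses: lower case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def diagnose(log_lines, proxy_users):
    """Classify each rejected DN against the identities granted "Can proxy user requests".

    Assumption: the Registry compares identities as exact strings, so a user entry
    that differs only in case or spacing does not match the certificate DN.
    """
    loose = {normalize(u): u for u in proxy_users}
    report = {}
    for dn in untrusted_proxies(log_lines):
        if dn in proxy_users:
            report[dn] = "listed: check that the privilege is actually granted"
        elif normalize(dn) in loose:
            report[dn] = f"near miss: entered as '{loose[normalize(dn)]}'"
        else:
            report[dn] = "missing: no user with this identity"
    return report

PREFIX = ("INFO [NiFi Registry Web Server-19] o.a.n.r.w.s.NiFiRegistrySecurityConfig "
          "Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry."
          "web.security.authentication.exception.UntrustedProxyException: ")
# Rebuilt from the two rejections quoted in this thread (one thread name reused for brevity).
SAMPLE_LOG = [
    "2020-03-27 19:31:22,367 " + PREFIX + "Untrusted proxy [CN=nifi1.abc.com, OU=NIFI]. Returning 403 response.",
    "2020-03-28 03:01:45,150 " + PREFIX + "Untrusted proxy [CN=nifi-node1, OU=NIFI]. Returning 403 response.",
]
# Constructed list of Registry users, with one entry typed without the space after the comma.
SAMPLE_USERS = {"CN=nifiadmin, OU=NIFI", "CN=nifi1.abc.com,OU=NIFI"}

if __name__ == "__main__":
    for dn, verdict in diagnose(SAMPLE_LOG, SAMPLE_USERS).items():
        print(f"{dn} -> {verdict}")
```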


4 REPLIES 4

Contributor

@MattWho I have added both nifi nodes identities, still same error

 

2020-03-28 03:01:45,150 INFO [NiFi Registry Web Server-12] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi-node1, OU=NIFI]. Returning 403 response.

 


 


 

Contributor

@MattWho 

I am able to add the SSL registry to nifi [nifi controller settings -> Registry Clients -> added registry URL ]

but when I am trying to version a PG, encountering the below error, screenshot attached

please advise

 


 

Contributor

Yes @MattWho, you are awesome, adding the node resolved the issue