Created on 03-27-2020 03:31 PM - last edited on 03-27-2020 03:36 PM by ask_bill_brooks
@MattWho please let me know what is missing
HDF 3.4 NIFI & NIFI Registry Integration (secured)
2 node (nifi1.abc.com, nifi2.abc.com) nifi cluster is secured
1 node (registry.abc.com) nifi registry is secured
generated client certs / server certs for nifi & registry as below
sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B passwd -C 'CN=nifiadmin, OU=NIFI' -n 'nifi1.abc.com,nifi2.abc.com,registry.abc.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_ssl/ -K passwd -P passwd -S passwd
able to access registry with client cert (CN=nifiadmin, OU=NIFI)
able to access nifi cluster with client cert (CN=nifiadmin, OU=NIFI)
created a bucket in the registry
Added Registry to nifi, but when versioning a processor group getting the below error
2020-03-27 19:31:22,367 INFO [NiFi Registry Web Server-19] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi1.abc.com, OU=NIFI]. Returning 403 response.
Created 03-30-2020 01:20 PM
You need to login to your secured NiFi-Registry and make sure all your NiFi nodes have been authorized for both the following "Special Privileges":
1. "Read" for "Can Manage Buckets"
2. "Can proxy user requests"
Click on wrench icon in upper right corner to manage your users in NiFi-Registry.
Then find your NiFi nodes in the list of USERS and click on the "manage user" pencil icon to the far right side.
Hope this helps,
Matt
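Added example, not part of the original posts and not NiFi Registry code: a Python check that pulls the rejected identities out of Registry log lines in the format quoted in the question and compares them with the users granted "Can proxy user requests". The function names, the sample log lines and the PROXY_USERS set are constructed, and it assumes the Registry compares identities as exact, case-sensitive strings.

```python
import re

# Matches the Registry log message quoted in this thread.
UNTRUSTED = re.compile(r"UntrustedProxyException: Untrusted proxy \[(?P<dn>[^\]]+)\]")

def untrusted_proxies(log_lines):
    """Return the distinct rejected proxy identities, in first-seen order."""
    seen = []
    for line in log_lines:
        m = UNTRUSTED.search(line)
        if m and m.group("dn") not in seen:
            seen.append(m.group("dn"))
    return seen

def _normalize(dn):
    # Fold case and spacing around commas. Used only to spot near-misses;
    # it does not handle escaped commas inside an RDN value.
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(log_lines, proxy_users):
    """Map each rejected identity to 'listed', 'missing' or a near-miss hint."""
    report = {}
    for dn in untrusted_proxies(log_lines):
        if dn in proxy_users:
            report[dn] = "listed"
            continue
        close = [u for u in sorted(proxy_users) if _normalize(u) == _normalize(dn)]
        report[dn] = f"near-miss: {close[0]!r}" if close else "missing"
    return report

# Constructed sample input, modelled on the log line in the question.
_PREFIX = ("2020-03-27 19:31:22,367 INFO [NiFi Registry Web Server-19] "
           "o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted "
           "to act as a proxy: org.apache.nifi.registry.web.security.authentication."
           "exception.UntrustedProxyException: Untrusted proxy ")
SAMPLE_LOG = [
    _PREFIX + "[CN=nifi1.abc.com, OU=NIFI]. Returning 403 response.",
    "2020-03-27 19:31:23,001 INFO [main] constructed unrelated line",
    _PREFIX + "[CN=nifi2.abc.com, OU=NIFI]. Returning 403 response.",
    _PREFIX + "[CN=nifi1.abc.com, OU=NIFI]. Returning 403 response.",
]
# Constructed: users an admin granted "Can proxy user requests" (note the missing space).
PROXY_USERS = {"CN=nifiadmin, OU=NIFI", "CN=nifi1.abc.com,OU=NIFI"}

if __name__ == "__main__":
    for dn, status in audit(SAMPLE_LOG, PROXY_USERS).items():
        print(f"{dn!r}: {status}")
```

Any identity reported as missing or near-miss is the exact string to add as a Registry user before granting the two privileges named in the answer.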
Created on 03-27-2020 08:08 PM - edited 03-27-2020 08:09 PM
@MattWho I have added both nifi nodes' identities, still same error
2020-03-28 03:01:45,150 INFO [NiFi Registry Web Server-12] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi-node1, OU=NIFI]. Returning 403 response.
Created 03-30-2020 12:09 PM
I am able to add the SSL registry to nifi [nifi controller settings -> Registry Clients -> added registry URL]
but when I am trying to version a PG, encountering the below error, screenshot attached
please advise
Created 03-30-2020 10:10 PM
Yes @MattWho, you are awesome, adding the node resolved the issue