HDF 3.4 nifi new cluster self signed ssl enabled - unable to login nifi with cert "Insufficient Permissions"

Contributor

@MattWho 

Unable to log in; this seems to be an authorization issue, whereas cert authentication is successful for the initial admin cert user.

Insufficient Permissions

No applicable policies could be found. Contact the system administrator.

 

nifi-user.log:

 

2020-03-26 04:47:13,898 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifiadmin, OU=NIFI) GET https://lpappnifixx:9091/nifi-api/flow/current-user (source ip: 72.191.44.165)
2020-03-26 04:47:13,899 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifiadmin, OU=NIFI
2020-03-26 04:47:13,901 INFO [NiFi Web Server-17] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[CN=nifiadmin, OU=NIFI], groups[] does not have permission to access the requested resource. No applicable policies could be found. Returning Forbidden response.

 

Contributor

Authorization.xml and user.xml are empty

 

cat authorizations.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizations>
<policies/>
</authorizations>

 

cat users.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
<groups/>
<users/>
</tenants>
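
The symptom in this thread (certificate authentication succeeds, then "No applicable policies could be found" while users.xml and authorizations.xml are empty) can be checked mechanically. The following is an added example, not code from the thread or from NiFi; the function names are hypothetical, and the populated `SEEDED_*` files are constructed samples that assume the file-based provider's usual `user`/`policy` element layout.

```python
import re
import xml.etree.ElementTree as ET

# Two lines from the nifi-user.log excerpt in the question.
SAMPLE_LOG = """\
2020-03-26 04:47:13,899 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifiadmin, OU=NIFI
2020-03-26 04:47:13,901 INFO [NiFi Web Server-17] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[CN=nifiadmin, OU=NIFI], groups[] does not have permission to access the requested resource. No applicable policies could be found. Returning Forbidden response.
"""
# The empty files as posted above (XML declaration omitted).
EMPTY_USERS = "<tenants><groups/><users/></tenants>"
EMPTY_AUTHZ = "<authorizations><policies/></authorizations>"
# Constructed: a seeded pair of files; the identifiers are made up.
SEEDED_USERS = ('<tenants><groups/><users>'
                '<user identifier="u-1" identity="CN=nifiadmin, OU=NIFI"/>'
                '</users></tenants>')
SEEDED_AUTHZ = ('<authorizations><policies>'
                '<policy identifier="p-1" resource="/flow" action="R">'
                '<user identifier="u-1"/></policy></policies></authorizations>')

AUTH_OK = re.compile(r"Authentication success for (.+)$")
DENIED = re.compile(r"identity\[(.+?)\], groups\[(.*?)\] does not have permission")

def denied_after_auth(log_text):
    """Return identities that authenticated successfully and were then refused."""
    authenticated, denied = set(), []
    for line in log_text.splitlines():
        if m := AUTH_OK.search(line):
            authenticated.add(m.group(1).strip())
        elif (m := DENIED.search(line)) and m.group(1) in authenticated:
            if m.group(1) not in denied:
                denied.append(m.group(1))
    return denied

def diagnose(identity, users_xml, authz_xml):
    """Classify why an authenticated identity has no applicable policy."""
    # Only <user> elements carrying an identity attribute are tenant entries.
    users = {u.get("identity"): u.get("identifier")
             for u in ET.fromstring(users_xml).iter("user") if u.get("identity")}
    if identity not in users:          # exact, case-sensitive string comparison
        return "no user entry"
    uid = users[identity]
    resources = [p.get("resource") for p in ET.fromstring(authz_xml).iter("policy")
                 if any(u.get("identifier") == uid for u in p.iter("user"))]
    return "user has policies" if resources else "user exists, no policies"
```

With the files as posted, `diagnose` returns "no user entry" for the identity taken from the log, which matches the empty `<users/>` element.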

Contributor

Found a quote in the node identities; updated and restarted NiFi.

Now I am seeing a different issue on node 1, though user.xml & auth.xml now have data with the SSL cert initial admin.

Cert generated as below:

sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B test12456@1234 -C 'CN=nifiadmin, OU=NIFI' -n 'lpappnifi002.node2.com,lpappnifi001.node1.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_ssl/ -K test12456@1234 -P test12456@1234 -S test12456@1234

 

ERROR: NiFi GUI from both UIs: Cannot replicate request to Node lpappnifi001.node1.com:8080 because the node is not connected

2020-03-26 07:14:48,604 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-03-26 07:14:48,469 and sent to lpappnifi001.node1.com:9088 at 2020-03-26 07:14:48,604; send took 134 millis
2020-03-26 07:14:50,892 INFO [Process Cluster Protocol Request-22] o.a.n.c.p.impl.SocketProtocolListener Finished processing request 09618070-4644-4e7e-b377-bb065453642d (type=HEARTBEAT, length=4880 bytes) from lpappnifi002.slower.ai:9091 in 128 millis
2020-03-26 07:14:53,740 INFO [Process Cluster Protocol Request-23] o.a.n.c.p.impl.SocketProtocolListener Finished processing request e4388aba-d0f1-4bcc-9fc4-11787f2ccea9 (type=HEARTBEAT, length=4881 bytes) from lpappnifi001.node1.com:9091 in 133 millis
2020-03-26 07:14:53,741 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-03-26 07:14:53,604 and sent to lpappnifi001.node1.com:9088 at 2020-03-26 07:14:53,741; send took 136 millis

 

 

 

Is this a cert issue, where node 2 is unable to trust node 1?

Contributor

@MattWho 

I also noticed the below error message in nifi-user.log:

2020-03-26 14:48:14,119 INFO [NiFi Web Server-20] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response.
2020-03-26 14:48:14,576 INFO [NiFi Web Server-16] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifiadmin, OU=NIFI) GET https://lpappnifi001.xxxx:9091/nifi-api/flow/current-user (source ip: 72.191.44.165)
2020-03-26 14:48:14,577 INFO [NiFi Web Server-16] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifiadmin, OU=NIFI
2020-03-26 14:48:14,586 INFO [NiFi Web Server-16] o.a.n.w.a.c.IllegalClusterStateExceptionMapper org.apache.nifi.cluster.manager.exception.IllegalClusterStateException: Cannot replicate request to Node lpappnifi001.xxx:8080 because the node is not connected. Returning Conflict response.

Contributor

Exactly. For some reason, though my NiFi is a 2-node secured cluster, when I logged in it shows 4 nodes: two with secured and two with unsecured ports. Stopped and followed the shared process. It came up clean.