Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Insufficient Permissions - Untrusted proxy CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company

avatar
Contributor

Insufficient Permissions - Untrusted proxy CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company

 

-New 2-Node Cluster
-SAML is working fine
-Cluster is communicating fine

-I have checked the user log and the DN is exactly the same as the authorizers below:


<authorizers>
<userGroupProvider>
<identifier>file-user-group-provider</identifier>
<class>org.apache.nifi.authorization.FileUserGroupProvider</class>
<property name="Users File">./conf/users.xml</property>
<property name="Legacy Authorized Users File"></property>

<property name="Initial User Identity 1">user1</property>
<property name="Initial User Identity 2">CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company</property>
<property name="Initial User Identity 3">CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company</property>
</userGroupProvider>
<accessPolicyProvider>
<identifier>file-access-policy-provider</identifier>
<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
<property name="User Group Provider">file-user-group-provider</property>
<property name="Authorizations File">./conf/authorizations.xml</property>
<property name="Initial Admin Identity">user1</property>
<property name="Legacy Authorized Users File"></property>
<property name="Node Identity 1">CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company</property>
<property name="Node Identity 2">CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company</property>
</accessPolicyProvider>
<authorizer>
<identifier>managed-authorizer</identifier>
<class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
<property name="Access Policy Provider">file-access-policy-provider</property>
</authorizer>
</authorizers>

1 ACCEPTED SOLUTION

avatar
Contributor

Deleted users and authorizations allowing all to be rebuilt.  Also needed to enable VIP persistence.  

View solution in original post

1 REPLY 1

avatar
Contributor

Deleted users and authorizations allowing all to be rebuilt.  Also needed to enable VIP persistence.