Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

JWT token issue while setting up three node NIFI cluster

Labels:
avatar
author-rank Fanxxx
Explorer

Created ‎11-09-2023 01:12 AM

I have created a three node NIFI cluster and the embedded zookeeper is set up and all the three nodes are communicating with each other through heartbeats but when I try to access the NIFI UI I am getting the below error:
Unauthorized error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

jwt error.png

How do I fix this issue?

3,108 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎12-01-2023 10:45 AM

@Fanxxx 

Do you have a load balancer in front of your NiFi Cluster?
If so, the load balancer needs to be configured to use session persistence (also known as sticky sessions).  That is because when you access node 1 for example and authenticate your user that token is only valid for that specific node (there is a client token and a matching server side key).  If subsequent request/redirect is sent to a different node by the load balancer the node is going to be missing the matching server side key and reject the client token.

Sharing more details about your NiFi security setup and Apache NiFi version is also valuable to those who may provide suggestion in the community.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

3,001 Views
0 Kudos
3 REPLIES 3

avatar
author-rank dileepkumar_upp
Explorer

Created ‎11-30-2023 03:51 AM

@Fanxxx , issue has been fixed?

if yes, can you share the details to resolve

3,017 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎12-01-2023 10:45 AM

@Fanxxx 

Do you have a load balancer in front of your NiFi Cluster?
If so, the load balancer needs to be configured to use session persistence (also known as sticky sessions).  That is because when you access node 1 for example and authenticate your user that token is only valid for that specific node (there is a client token and a matching server side key).  If subsequent request/redirect is sent to a different node by the load balancer the node is going to be missing the matching server side key and reject the client token.

Sharing more details about your NiFi security setup and Apache NiFi version is also valuable to those who may provide suggestion in the community.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

3,002 Views
0 Kudos

avatar
author-rank Sullaka
New Contributor

Created on ‎09-24-2024 10:16 AM - edited ‎09-24-2024 10:16 AM

I too faced the same issue, I enabled stickyness on my Load balancer targetGroup and it worked!!

Hompe thims hempls...

689 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements