JWT token issue while setting up three node NIFI cluster

Explorer

I have created a three-node NiFi cluster. The embedded ZooKeeper is set up and all three nodes are communicating with each other through heartbeats, but when I try to access the NiFi UI I get the error below:
Unauthorized error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

How do I fix this issue?

1 ACCEPTED SOLUTION

Super Mentor

@Fanxxx 

Do you have a load balancer in front of your NiFi Cluster?
If so, the load balancer needs to be configured to use session persistence (also known as sticky sessions). That is because when you access node 1, for example, and authenticate your user, that token is only valid for that specific node (there is a client token and a matching server-side key). If a subsequent request/redirect is sent to a different node by the load balancer, that node is going to be missing the matching server-side key and will reject the client token.

Sharing more details about your NiFi security setup and Apache NiFi version is also valuable to those who may provide suggestions in the community.

If you found that any of the suggestions/solutions provided helped you with your issue, please take a moment to log in and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
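
The failure mode described in the answer above, as an added example that is not part of the original post and is not NiFi code: each simulated node signs tokens with a key only it holds, so a token issued by one node is rejected by its peers unless the balancer pins the client to the issuing node. HMAC-SHA256 stands in for the node's real signing scheme, and the `Node` class, node names and routing functions are hypothetical.

```python
import base64, hashlib, hmac, itertools, json, secrets

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

class Node:
    """One cluster node with its own signing key, never shared with peers."""
    def __init__(self, name):
        self.name = name
        self.key = secrets.token_bytes(32)  # generated locally (assumption)

    def _sign(self, signing_input: str) -> str:
        mac = hmac.new(self.key, signing_input.encode(), hashlib.sha256)
        return b64(mac.digest())

    def login(self, user):
        header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = b64(json.dumps({"sub": user, "iss": self.name}).encode())
        return f"{header}.{payload}.{self._sign(header + '.' + payload)}"

    def handle(self, token):
        # Verify against this node's key only; a peer's token has no match.
        signing_input, _, sig = token.rpartition(".")
        ok = hmac.compare_digest(sig, self._sign(signing_input))
        return 200 if ok else 401

def round_robin(nodes):
    ring = itertools.cycle(nodes)
    return lambda client_id: next(ring)

def sticky(nodes):
    pinned, ring = {}, itertools.cycle(nodes)
    def pick(client_id):
        if client_id not in pinned:      # first request chooses the node
            pinned[client_id] = next(ring)
        return pinned[client_id]         # later requests stay on it
    return pick

def session(pick, requests=3, client_id="browser-1"):
    """Log in on the first routed node, then send follow-up requests."""
    token = pick(client_id).login("admin")
    return [pick(client_id).handle(token) for _ in range(requests)]

def demo():
    nodes = [Node(f"nifi-{i}") for i in (1, 2, 3)]  # constructed names
    return session(round_robin(nodes)), session(sticky(nodes))

if __name__ == "__main__":
    without_persistence, with_persistence = demo()
    print("round robin:", without_persistence)
    print("sticky     :", with_persistence)
```

With round-robin routing the UI gets intermittent 401s that depend on which node answers; with persistence every request reaches the node that issued the token.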


2 REPLIES


@Fanxxx, has the issue been fixed?

If yes, can you share the details of how you resolved it?
