Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

JWT token issue while setting up three node NIFI cluster

Labels:
avatar
author-rank Fanxxx
Explorer

Created ‎11-09-2023 01:12 AM

I have created a three node NIFI cluster and the embedded zookeeper is set up and all the three nodes are communicating with each other through heartbeats but when I try to access the NIFI UI I am getting the below error:
Unauthorized error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

jwt error.png

How do I fix this issue?

4,453 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎12-01-2023 10:45 AM

@Fanxxx 

Do you have a load balancer in front of your NiFi Cluster?
If so, the load balancer needs to be configured to use session persistence (also known as sticky sessions).  That is because when you access node 1 for example and authenticate your user that token is only valid for that specific node (there is a client token and a matching server side key).  If subsequent request/redirect is sent to a different node by the load balancer the node is going to be missing the matching server side key and reject the client token.

Sharing more details about your NiFi security setup and Apache NiFi version is also valuable to those who may provide suggestion in the community.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

4,346 Views
0 Kudos
0
3 REPLIES 3

avatar
author-rank dileepkumar_upp
Explorer

Created ‎11-30-2023 03:51 AM

@Fanxxx , issue has been fixed?

if yes, can you share the details to resolve

4,362 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎12-01-2023 10:45 AM

@Fanxxx 

Do you have a load balancer in front of your NiFi Cluster?
If so, the load balancer needs to be configured to use session persistence (also known as sticky sessions).  That is because when you access node 1 for example and authenticate your user that token is only valid for that specific node (there is a client token and a matching server side key).  If subsequent request/redirect is sent to a different node by the load balancer the node is going to be missing the matching server side key and reject the client token.

Sharing more details about your NiFi security setup and Apache NiFi version is also valuable to those who may provide suggestion in the community.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

4,347 Views
0 Kudos
0

avatar
author-rank Sullaka
New Contributor

Created on ‎09-24-2024 10:16 AM - edited ‎09-24-2024 10:16 AM

I too faced the same issue, I enabled stickyness on my Load balancer targetGroup and it worked!!

Hompe thims hempls...

2,034 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements