
MiNiFi agent cannot connect to secure EFM


Hi, I've successfully secured EFM with a Keycloak server using OIDC auth, but the MiNiFi agent won't show up in the EFM dashboard. I've checked both the EFM and MiNiFi logs but have not found any clues. Need your help.


Here is my conf/efm.properties config:

# Web Server TLS Properties
efm.server.ssl.enabled=true
efm.server.ssl.keyStore=/home/efm/certs/keystore.jks
efm.server.ssl.keyStoreType=jks
efm.server.ssl.keyStorePassword=ksPasswd
efm.server.ssl.keyPassword=ksPasswd
efm.server.ssl.trustStore=/home/efm/certs/truststore.jks
efm.server.ssl.trustStoreType=jks
efm.server.ssl.trustStorePassword=changeit
efm.server.ssl.clientAuth=WANT

# User Authentication Properties
efm.security.user.auth.enabled=true
efm.security.user.auth.adminIdentities=admin
efm.security.user.auth.autoRegisterNewUsers=true
efm.security.user.auth.authTokenExpiration=12h

efm.security.user.certificate.enabled=true

efm.security.user.oidc.enabled=true
efm.security.user.oidc.issuerUri=https://keycloak.domain.com:8443/realms/efm
efm.security.user.oidc.clientId=efm
efm.security.user.oidc.clientSecret=gW23NlKxOfdsFmJMiarFNcXs454g1Zk4ZTew4
efm.security.user.oidc.scopes=profile,email
efm.security.user.oidc.usernameAttribute=email
efm.security.user.oidc.displayNameAttribute=name
efm.security.user.oidc.staticConfig.enabled=false
efm.security.user.oidc.staticConfig.authorizationUri=
efm.security.user.oidc.staticConfig.tokenUri=
efm.security.user.oidc.staticConfig.userInfoUri=
efm.security.user.oidc.staticConfig.jwkSetUri=


Minifi conf/bootstrap.conf:

# Security Properties #
# These properties take precedence over any equivalent properties specified in config.yml #
nifi.minifi.security.keystore=/home/minifi/certs/keystore.jks
nifi.minifi.security.keystoreType=jks
nifi.minifi.security.keystorePasswd=ksPasswd
nifi.minifi.security.keyPasswd=ksPasswd
nifi.minifi.security.truststore=/home/minifi/certs/truststore.jks
nifi.minifi.security.truststoreType=jks
nifi.minifi.security.truststorePasswd=changeit
nifi.minifi.security.ssl.protocol=TLSv1.2

nifi.minifi.sensitive.props.key=myEfmPassword123456
nifi.minifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.minifi.sensitive.props.provider=BC

# MiNiFi Command & Control Configuration
# C2 Properties
# Enabling C2 Uncomment each of the following options
# define those with missing options
nifi.c2.enable=true
## define protocol parameters
nifi.c2.rest.url=https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
nifi.c2.rest.url.ack=https://efm.domain.com:10090/efm/api/c2-protocol/acknowledge
## heartbeat in milliseconds. defaults to once a second
nifi.c2.agent.heartbeat.period=1000
## define parameters about your agent
nifi.c2.agent.class=java-linux
# Optional. Defaults to a hardware based unique identifier
nifi.c2.agent.identifier=ip221
## Define TLS security properties for C2 communications
nifi.c2.security.truststore.location=/home/minifi/certs/truststore.jks
nifi.c2.security.truststore.password=changeit
nifi.c2.security.truststore.type=JKS
nifi.c2.security.keystore.location=/home/minifi/certs/keystore.jks
nifi.c2.security.keystore.password=ksPasswd
nifi.c2.security.keystore.type=JKS
nifi.c2.security.need.client.auth=true

Minifi Logs:

$ tail -f logs/minifi-bootstrap.log
2022-05-23 15:15:24,241 INFO [MiNiFi Bootstrap Command Listener] o.apache.nifi.minifi.bootstrap.RunMiNiFi The thread to run Apache MiNiFi is now running and listening for Bootstrap requests on port 37443
2022-05-23 15:15:29,119 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:29,813 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:30,803 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:31,784 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:32,778 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:33,782 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:34,779 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:35,773 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:36,778 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:37,776 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat
2022-05-23 15:15:38,771 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat

 

 

 

EFM version efm-1.4.0.0-125

MiNiFi version minifi-0.6.0.1.3.1.0-68

References:

Agent authentication (cloudera.com)

https://nizan-shookroun.medium.com/install-and-configure-minifi-agents-f22a0cc09622

 

1 ACCEPTED SOLUTION


I'm answering my own question. This was due to the wrong user login format. It should be in email format.
Change this:

efm.security.user.auth.adminIdentities=admin

to

efm.security.user.auth.adminIdentities=admin@domain.com


Thank you.
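
A check for the mismatch behind the accepted solution, as an added example that is not part of the original post or of EFM itself: it reads efm.properties text and flags adminIdentities entries that are not email addresses while OIDC is enabled with usernameAttribute=email. It assumes adminIdentities is a comma-separated list and that OIDC users are identified by the claim named in usernameAttribute; the sample text is constructed from the keys shown in the question.

```python
import re

# Constructed sample: the relevant keys from the question's efm.properties.
SAMPLE_BEFORE = """\
# User Authentication Properties
efm.security.user.auth.enabled=true
efm.security.user.auth.adminIdentities=admin
efm.security.user.oidc.enabled=true
efm.security.user.oidc.usernameAttribute=email
"""
# Same file with the change from the accepted solution applied.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "adminIdentities=admin", "adminIdentities=admin@domain.com")

# Loose shape check only (local@host.tld); not a full address validator.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_admin_identities(text):
    """Return advisory findings; an empty list means no mismatch was seen."""
    props = parse_properties(text)
    findings = []
    if props.get("efm.security.user.auth.enabled", "false").lower() != "true":
        return findings  # user auth is off, nothing to compare
    # Assumption: the value is a comma-separated list of identities.
    raw = props.get("efm.security.user.auth.adminIdentities", "")
    admins = [a.strip() for a in raw.split(",") if a.strip()]
    if not admins:
        findings.append("no adminIdentities configured")
    oidc_on = props.get("efm.security.user.oidc.enabled", "false").lower() == "true"
    if oidc_on and props.get("efm.security.user.oidc.usernameAttribute") == "email":
        for ident in admins:
            if not EMAIL_RE.match(ident):
                findings.append(f"adminIdentities entry {ident!r} is not an "
                                "email address but usernameAttribute=email")
    return findings
```

Findings are advisory: an identity meant for certificate login would also be reported, since it is not an email address.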
