NiFi Security Failed on Single Node



I tried to add security to one of my HDF clusters, but failed. So I started with one local NiFi node, but that still failed.

Here are my main steps following some web links listed below:

1. Installed nifi 1.5

2. Installed nifi toolkit 1.5

3. Ran toolkit -

./ standalone -n 'localhost' -C 'CN=ML,OU=NIFI' -O -o ../security_output

4. Copied generated keystore, truststore and nifi properties to nifi/config folder

5. Imported the generated certificate to chrome browser

6. Modified authorizers.xml as attached.

7. With required restarts. Now when I enter the below URL in the browser, I see the below error.


Insufficient Permissions - home Unknown user with identity 'CN=ML, OU=NIFI'. Contact the system administrator.






<property name="Users File">./conf/users.xml</property>

<property name="Legacy Authorized Users File"></property>

<property name="Initial User Identity 1">CN=ML,OU=NIFI</property>





<property name="User Group Provider">file-user-group-provider</property>

<property name="Authorizations File">./conf/authorizations.xml</property>

<property name="Initial Admin Identity">CN=ML,OU=NIFI</property>

<property name="Legacy Authorized Users File"></property>

<property name="Node Identity 1"></property>



Generated users.xml


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>




<user identifier="10375150-f717-3891-afda-e009d1f1184b" identity="CN=ML,OU=NIFI"/>




Generated authorizations.xml

see attached image



See attached image


See attached image


Some links I referred:

Here are what I tried:

Both nifi-1.5 and nifi-1.8

AWS instance

Local virtual machine (Ubuntu 18.04)

This should be straightforward, but I just can't figure out what I did wrong or what I missed. I have been stuck here for days. Your help is really appreciated.

Thanks a lot.





Master Guru
@Bright Lee


It appears the user string you used in your authorizers.xml file does not match the user DN from the certificate.


The insufficient permissions output you see shows "CN=ML, OU=NIFI"

however your authorizers.xml and generated users.xml show this as "CN=ML,OU=NIFI"


You will notice your user DN actually has a <space> after the comma.


Just editing your authorizers.xml will not result in your users.xml file being updated. The users.xml and authorization.xml files are only generated one time. If they already exist, they are not regenerated or edited via authorizers.xml. I suggest fixing authorizers.xml and removing the users.xml and authorizers.xml files so they are recreated correctly.


Thank you,



If you found this answer addressed your question, please take a moment to log in and click the "ACCEPT" link.
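As an added example (not part of the original thread and not NiFi code), the following Python check compares the identity from the "Unknown user with identity" error against every identity string in authorizers.xml and users.xml, and flags entries that differ only in whitespace. The embedded XML is constructed from the fragments in the post, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: property lines from the post, wrapped so they parse.
AUTHORIZERS_XML = """<authorizers>
  <userGroupProvider>
    <property name="Initial User Identity 1">CN=ML,OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <property name="Initial Admin Identity">CN=ML,OU=NIFI</property>
    <property name="Node Identity 1"></property>
  </accessPolicyProvider>
</authorizers>"""

USERS_XML = """<tenants><users>
  <user identifier="10375150-f717-3891-afda-e009d1f1184b" identity="CN=ML,OU=NIFI"/>
</users></tenants>"""

# Property names that carry an identity string in the post's authorizers.xml.
IDENTITY_PROPS = re.compile(
    r"^(Initial Admin Identity|Initial User Identity \d+|Node Identity \d+)$")

def configured_identities(authorizers_xml, users_xml):
    """Return (source, identity) pairs for every non-empty identity string."""
    found = []
    for prop in ET.fromstring(authorizers_xml).iter("property"):
        name, value = prop.get("name", ""), prop.text or ""
        if IDENTITY_PROPS.match(name) and value.strip():
            found.append(("authorizers.xml: " + name, value))
    for user in ET.fromstring(users_xml).iter("user"):
        found.append(("users.xml: user", user.get("identity", "")))
    return found

def squash(dn):
    """Drop whitespace, only to spot near-misses; the real match is exact."""
    return re.sub(r"\s+", "", dn)

def check(presented, authorizers_xml=AUTHORIZERS_XML, users_xml=USERS_XML):
    """Classify each configured identity against the one in the error page."""
    report = []
    for source, identity in configured_identities(authorizers_xml, users_xml):
        verdict = ("match" if identity == presented
                   else "whitespace-mismatch" if squash(identity) == squash(presented)
                   else "different")
        report.append((source, identity, verdict))
    return report

if __name__ == "__main__":
    for row in check("CN=ML, OU=NIFI"):  # identity string from the error message
        print(row)
```

To run it against a real install, read the two files from the NiFi conf directory and pass their contents to `check()` together with the identity copied verbatim from the error page.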
