Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Nifi don't show any login screen with ldap-provider

Solved Go to solution

Nifi don't show any login screen with ldap-provider

Expert Contributor

Hello,

I'm doing some test with a nifi cluster (HDF 3), and I wanted to configure ldap as authentication service, I've not configured SSL yet but I would like to test the ldap authentication.

But when I try to access the cluster it directly logs me as anonymous and I can see the flows without any login screen.

My configuration is the following

login-identity-providers.xml

            <provider>
  <identifier>ldap-provider</identifier>
  <class>org.apache.nifi.ldap.LdapProvider</class>
  <property name="Identity Strategy">USE_USERNAME</property>
  <property name="Authentication Strategy">SIMPLE</property>
  <property name="Manager DN">cn=Manager,dc=nifi,dc=int</property>
  <property encryption="aes/gcm/256" name="Manager Password">mIV4TPuSpfOGzd3E||FZnVyewmvoWGEmf1sF5cCTCy4tztrwo</property>
  <property name="TLS - Keystore"/>
  <property name="TLS - Keystore Password"/>
  <property name="TLS - Keystore Type"/>
  <property name="TLS - Truststore"/>
  <property name="TLS - Truststore Password"/>
  <property name="TLS - Truststore Type"/>
  <property name="TLS - Client Auth"/>
  <property name="TLS - Protocol"/>
  <property name="TLS - Shutdown Gracefully"/>
  <property name="Referral Strategy">FOLLOW</property>
  <property name="Connect Timeout">10 secs</property>
  <property name="Read Timeout">10 secs</property>
  <property name="Url">ldap://node03.nifi.int:389</property>
  <property name="User Search Base">ou=Users,dc=nifi,dc=int</property>
  <property name="User Search Filter">uid={0}</property>
  <property name="Authentication Expiration">12 hours</property>
</provider>


nifi.properties:

# Generated by Apache Ambari. Tue Sep 12 12:27:33 2017


nifi.administrative.yield.duration=30 sec
nifi.authorizer.configuration.file=/usr/hdf/current/nifi/conf/authorizers.xml
nifi.bored.yield.duration=10 millis
nifi.cluster.flow.election.max.candidates=3
nifi.cluster.flow.election.max.wait.time=5 mins
nifi.cluster.is.node=true
nifi.cluster.node.address=node01.nifi.int
nifi.cluster.node.connection.timeout=5 sec
nifi.cluster.node.event.history.size=25
nifi.cluster.node.protocol.max.threads=
nifi.cluster.node.protocol.port=9088
nifi.cluster.node.protocol.threads=10
nifi.cluster.node.read.timeout=5 sec
nifi.cluster.protocol.heartbeat.interval=5 sec
nifi.cluster.protocol.is.secure=False
nifi.components.status.repository.buffer.size=1440
nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository
nifi.components.status.snapshot.frequency=1 min
nifi.content.claim.max.appendable.size=10 MB
nifi.content.claim.max.flow.files=100
nifi.content.repository.always.sync=false
nifi.content.repository.archive.enabled=true
nifi.content.repository.archive.max.retention.period=12 hours
nifi.content.repository.archive.max.usage.percentage=50%
nifi.content.repository.directory.default=/var/lib/nifi/content_repository
nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository
nifi.content.viewer.url=/nifi-content-viewer/
nifi.database.directory=/var/lib/nifi/database_repository
nifi.documentation.working.directory=/var/lib/nifi/work/docs/components
nifi.flow.configuration.archive.dir=/var/lib/nifi/archive/
nifi.flow.configuration.archive.enabled=true
nifi.flow.configuration.archive.max.count=
nifi.flow.configuration.archive.max.storage=500 MB
nifi.flow.configuration.archive.max.time=30 days
nifi.flow.configuration.file=/var/lib/nifi/conf/flow.xml.gz
nifi.flowcontroller.autoResumeState=true
nifi.flowcontroller.graceful.shutdown.period=10 sec
nifi.flowfile.repository.always.sync=false
nifi.flowfile.repository.checkpoint.interval=2 mins
nifi.flowfile.repository.directory=/var/lib/nifi/flowfile_repository
nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
nifi.flowfile.repository.partitions=256
nifi.flowservice.writedelay.interval=500 ms
nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
nifi.kerberos.krb5.file=
nifi.kerberos.service.keytab.location=
nifi.kerberos.service.principal=
nifi.kerberos.spnego.authentication.expiration=12 hours
nifi.kerberos.spnego.keytab.location=
nifi.kerberos.spnego.principal=
nifi.login.identity.provider.configuration.file=/usr/hdf/current/nifi/conf/login-identity-providers.xml
nifi.nar.library.directory=/usr/hdf/current/nifi/lib
nifi.nar.working.directory=/var/lib/nifi/work/nar
nifi.provenance.repository.always.sync=false
nifi.provenance.repository.buffer.size=100000
nifi.provenance.repository.compress.on.rollover=true
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.directory.default=/var/lib/nifi/provenance_repository
nifi.provenance.repository.encryption.key=
nifi.provenance.repository.encryption.key.id=
nifi.provenance.repository.encryption.key.provider.implementation=
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.implementation=org.apache.nifi.provenance.PersistentProvenanceRepository
nifi.provenance.repository.index.shard.size=500 MB
nifi.provenance.repository.index.threads=1
nifi.provenance.repository.indexed.attributes=
nifi.provenance.repository.indexed.fields=EventType, FlowFileUUID, Filename, ProcessorID, Relationship
nifi.provenance.repository.journal.count=16
nifi.provenance.repository.max.attribute.length=65536
nifi.provenance.repository.max.storage.size=1 GB
nifi.provenance.repository.max.storage.time=24 hours
nifi.provenance.repository.query.threads=2
nifi.provenance.repository.rollover.size=100 MB
nifi.provenance.repository.rollover.time=30 secs
nifi.queue.swap.threshold=20000
nifi.remote.input.host=
nifi.remote.input.http.enabled=true
nifi.remote.input.http.transaction.ttl=30 sec
nifi.remote.input.secure=False
nifi.remote.input.socket.port=
nifi.security.identity.mapping.pattern.dn=
nifi.security.identity.mapping.pattern.kerb=
nifi.security.identity.mapping.value.dn=
nifi.security.identity.mapping.value.kerb=
nifi.security.keyPasswd=
nifi.security.keystore=/usr/hdf/current/nifi/conf/keystore.jks
nifi.security.keystorePasswd=
nifi.security.keystoreType=jks
nifi.security.needClientAuth=False
nifi.security.ocsp.responder.certificate=
nifi.security.ocsp.responder.url=
nifi.security.truststore=/usr/hdf/current/nifi/conf/truststore.jks
nifi.security.truststorePasswd=
nifi.security.truststoreType=jks
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=ldap-provider
nifi.sensitive.props.additional.keys=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.key=wSdxEcJ0QRZGwFfr||CVtSGQsYIUSOXzAQEQBvu+IQFiwFpM/ZldwZgA
nifi.sensitive.props.key.protected=aes/gcm/256
nifi.sensitive.props.provider=BC
nifi.state.management.configuration.file=/usr/hdf/current/nifi/conf/state-management.xml
nifi.state.management.embedded.zookeeper.properties=/usr/hdf/current/nifi/conf/zookeeper.properties
nifi.state.management.embedded.zookeeper.start=false
nifi.state.management.provider.cluster=zk-provider
nifi.state.management.provider.local=local-provider
nifi.swap.in.period=5 sec
nifi.swap.in.threads=1
nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager
nifi.swap.out.period=5 sec
nifi.swap.out.threads=4
nifi.templates.directory=/var/lib/nifi/templates
nifi.ui.autorefresh.interval=30 sec
nifi.ui.banner.text=
nifi.variable.registry.properties=
nifi.version=1.2.0.3.0.1.0-43
nifi.web.http.host=node01.nifi.int
nifi.web.http.network.interface.default=
nifi.web.http.port=9090
nifi.web.https.host=
nifi.web.https.network.interface.default=
nifi.web.https.port=
nifi.web.jetty.threads=200
nifi.web.jetty.working.directory=/var/lib/nifi/work/jetty
nifi.web.war.directory=/usr/hdf/current/nifi/lib
nifi.zookeeper.connect.string=node02.nifi.int:2181,node01.nifi.int:2181,node03.nifi.int:2181
nifi.zookeeper.connect.timeout=3 secs
nifi.zookeeper.root.node=/nifi
nifi.zookeeper.session.timeout=3 secs


Do you have any idea about what is happening?

Thank you in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Nifi don't show any login screen with ldap-provider

Master Guru
@Juan Manuel Nieto

NiFi must be configured to run securely over https using SSL before any user authentication can be used.

Thanks,

Matt

View solution in original post

1 REPLY 1
Highlighted

Re: Nifi don't show any login screen with ldap-provider

Master Guru
@Juan Manuel Nieto

NiFi must be configured to run securely over https using SSL before any user authentication can be used.

Thanks,

Matt

View solution in original post

Don't have an account?
Coming from Hortonworks? Activate your account here