NiFi doesn't show any login screen with ldap-provider

Expert Contributor

Hello,

I'm doing some tests with a NiFi cluster (HDF 3), and I wanted to configure LDAP as the authentication service. I've not configured SSL yet, but I would like to test the LDAP authentication.

But when I try to access the cluster, it directly logs me in as anonymous and I can see the flows without any login screen.

My configuration is the following:

login-identity-providers.xml

<provider>
  <identifier>ldap-provider</identifier>
  <class>org.apache.nifi.ldap.LdapProvider</class>
  <property name="Identity Strategy">USE_USERNAME</property>
  <property name="Authentication Strategy">SIMPLE</property>
  <property name="Manager DN">cn=Manager,dc=nifi,dc=int</property>
  <property encryption="aes/gcm/256" name="Manager Password">mIV4TPuSpfOGzd3E||FZnVyewmvoWGEmf1sF5cCTCy4tztrwo</property>
  <property name="TLS - Keystore"/>
  <property name="TLS - Keystore Password"/>
  <property name="TLS - Keystore Type"/>
  <property name="TLS - Truststore"/>
  <property name="TLS - Truststore Password"/>
  <property name="TLS - Truststore Type"/>
  <property name="TLS - Client Auth"/>
  <property name="TLS - Protocol"/>
  <property name="TLS - Shutdown Gracefully"/>
  <property name="Referral Strategy">FOLLOW</property>
  <property name="Connect Timeout">10 secs</property>
  <property name="Read Timeout">10 secs</property>
  <property name="Url">ldap://node03.nifi.int:389</property>
  <property name="User Search Base">ou=Users,dc=nifi,dc=int</property>
  <property name="User Search Filter">uid={0}</property>
  <property name="Authentication Expiration">12 hours</property>
</provider>


nifi.properties:

# Generated by Apache Ambari. Tue Sep 12 12:27:33 2017


nifi.administrative.yield.duration=30 sec
nifi.authorizer.configuration.file=/usr/hdf/current/nifi/conf/authorizers.xml
nifi.bored.yield.duration=10 millis
nifi.cluster.flow.election.max.candidates=3
nifi.cluster.flow.election.max.wait.time=5 mins
nifi.cluster.is.node=true
nifi.cluster.node.address=node01.nifi.int
nifi.cluster.node.connection.timeout=5 sec
nifi.cluster.node.event.history.size=25
nifi.cluster.node.protocol.max.threads=
nifi.cluster.node.protocol.port=9088
nifi.cluster.node.protocol.threads=10
nifi.cluster.node.read.timeout=5 sec
nifi.cluster.protocol.heartbeat.interval=5 sec
nifi.cluster.protocol.is.secure=False
nifi.components.status.repository.buffer.size=1440
nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository
nifi.components.status.snapshot.frequency=1 min
nifi.content.claim.max.appendable.size=10 MB
nifi.content.claim.max.flow.files=100
nifi.content.repository.always.sync=false
nifi.content.repository.archive.enabled=true
nifi.content.repository.archive.max.retention.period=12 hours
nifi.content.repository.archive.max.usage.percentage=50%
nifi.content.repository.directory.default=/var/lib/nifi/content_repository
nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository
nifi.content.viewer.url=/nifi-content-viewer/
nifi.database.directory=/var/lib/nifi/database_repository
nifi.documentation.working.directory=/var/lib/nifi/work/docs/components
nifi.flow.configuration.archive.dir=/var/lib/nifi/archive/
nifi.flow.configuration.archive.enabled=true
nifi.flow.configuration.archive.max.count=
nifi.flow.configuration.archive.max.storage=500 MB
nifi.flow.configuration.archive.max.time=30 days
nifi.flow.configuration.file=/var/lib/nifi/conf/flow.xml.gz
nifi.flowcontroller.autoResumeState=true
nifi.flowcontroller.graceful.shutdown.period=10 sec
nifi.flowfile.repository.always.sync=false
nifi.flowfile.repository.checkpoint.interval=2 mins
nifi.flowfile.repository.directory=/var/lib/nifi/flowfile_repository
nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
nifi.flowfile.repository.partitions=256
nifi.flowservice.writedelay.interval=500 ms
nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
nifi.kerberos.krb5.file=
nifi.kerberos.service.keytab.location=
nifi.kerberos.service.principal=
nifi.kerberos.spnego.authentication.expiration=12 hours
nifi.kerberos.spnego.keytab.location=
nifi.kerberos.spnego.principal=
nifi.login.identity.provider.configuration.file=/usr/hdf/current/nifi/conf/login-identity-providers.xml
nifi.nar.library.directory=/usr/hdf/current/nifi/lib
nifi.nar.working.directory=/var/lib/nifi/work/nar
nifi.provenance.repository.always.sync=false
nifi.provenance.repository.buffer.size=100000
nifi.provenance.repository.compress.on.rollover=true
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.directory.default=/var/lib/nifi/provenance_repository
nifi.provenance.repository.encryption.key=
nifi.provenance.repository.encryption.key.id=
nifi.provenance.repository.encryption.key.provider.implementation=
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.implementation=org.apache.nifi.provenance.PersistentProvenanceRepository
nifi.provenance.repository.index.shard.size=500 MB
nifi.provenance.repository.index.threads=1
nifi.provenance.repository.indexed.attributes=
nifi.provenance.repository.indexed.fields=EventType, FlowFileUUID, Filename, ProcessorID, Relationship
nifi.provenance.repository.journal.count=16
nifi.provenance.repository.max.attribute.length=65536
nifi.provenance.repository.max.storage.size=1 GB
nifi.provenance.repository.max.storage.time=24 hours
nifi.provenance.repository.query.threads=2
nifi.provenance.repository.rollover.size=100 MB
nifi.provenance.repository.rollover.time=30 secs
nifi.queue.swap.threshold=20000
nifi.remote.input.host=
nifi.remote.input.http.enabled=true
nifi.remote.input.http.transaction.ttl=30 sec
nifi.remote.input.secure=False
nifi.remote.input.socket.port=
nifi.security.identity.mapping.pattern.dn=
nifi.security.identity.mapping.pattern.kerb=
nifi.security.identity.mapping.value.dn=
nifi.security.identity.mapping.value.kerb=
nifi.security.keyPasswd=
nifi.security.keystore=/usr/hdf/current/nifi/conf/keystore.jks
nifi.security.keystorePasswd=
nifi.security.keystoreType=jks
nifi.security.needClientAuth=False
nifi.security.ocsp.responder.certificate=
nifi.security.ocsp.responder.url=
nifi.security.truststore=/usr/hdf/current/nifi/conf/truststore.jks
nifi.security.truststorePasswd=
nifi.security.truststoreType=jks
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=ldap-provider
nifi.sensitive.props.additional.keys=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.key=wSdxEcJ0QRZGwFfr||CVtSGQsYIUSOXzAQEQBvu+IQFiwFpM/ZldwZgA
nifi.sensitive.props.key.protected=aes/gcm/256
nifi.sensitive.props.provider=BC
nifi.state.management.configuration.file=/usr/hdf/current/nifi/conf/state-management.xml
nifi.state.management.embedded.zookeeper.properties=/usr/hdf/current/nifi/conf/zookeeper.properties
nifi.state.management.embedded.zookeeper.start=false
nifi.state.management.provider.cluster=zk-provider
nifi.state.management.provider.local=local-provider
nifi.swap.in.period=5 sec
nifi.swap.in.threads=1
nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager
nifi.swap.out.period=5 sec
nifi.swap.out.threads=4
nifi.templates.directory=/var/lib/nifi/templates
nifi.ui.autorefresh.interval=30 sec
nifi.ui.banner.text=
nifi.variable.registry.properties=
nifi.version=1.2.0.3.0.1.0-43
nifi.web.http.host=node01.nifi.int
nifi.web.http.network.interface.default=
nifi.web.http.port=9090
nifi.web.https.host=
nifi.web.https.network.interface.default=
nifi.web.https.port=
nifi.web.jetty.threads=200
nifi.web.jetty.working.directory=/var/lib/nifi/work/jetty
nifi.web.war.directory=/usr/hdf/current/nifi/lib
nifi.zookeeper.connect.string=node02.nifi.int:2181,node01.nifi.int:2181,node03.nifi.int:2181
nifi.zookeeper.connect.timeout=3 secs
nifi.zookeeper.root.node=/nifi
nifi.zookeeper.session.timeout=3 secs


Do you have any idea about what is happening?

Thank you in advance.

1 ACCEPTED SOLUTION

Master Mentor
@Juan Manuel Nieto

NiFi must be configured to run securely over https using SSL before any user authentication can be used.

Thanks,

Matt
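
The check implied by the accepted answer, as an added example that is not part of the original thread: a small Python audit that reads `nifi.properties` text and reports when a login identity provider is configured but HTTPS is not. The function names, the `9091` port and the `PLACEHOLDER` passwords are assumptions made for illustration; the first sample is a subset of the values posted in the question.

```python
# Added example, not from the original thread.
THREAD_SAMPLE = """\
# subset of the nifi.properties posted in the question
nifi.security.user.login.identity.provider=ldap-provider
nifi.web.http.host=node01.nifi.int
nifi.web.http.port=9090
nifi.web.https.host=
nifi.web.https.port=
nifi.security.keystorePasswd=
nifi.security.truststorePasswd=
"""

# Constructed secured variant; port and password values are placeholders.
SECURED_SAMPLE = """\
nifi.security.user.login.identity.provider=ldap-provider
nifi.web.http.port=
nifi.web.https.host=node01.nifi.int
nifi.web.https.port=9091
nifi.security.keystorePasswd=PLACEHOLDER
nifi.security.truststorePasswd=PLACEHOLDER
"""

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_login_config(text):
    """Return findings that explain why the login provider is not enforced."""
    p = parse_properties(text)
    findings = []
    provider = p.get("nifi.security.user.login.identity.provider", "")
    https_port = p.get("nifi.web.https.port", "")
    if provider and not https_port:
        findings.append(
            f"login provider '{provider}' is set but nifi.web.https.port is empty "
            f"(HTTP port: {p.get('nifi.web.http.port') or 'unset'}); "
            "without HTTPS, NiFi does not authenticate users")
    if https_port:
        for key in ("nifi.security.keystorePasswd", "nifi.security.truststorePasswd"):
            if not p.get(key):
                findings.append(f"{key} is empty; review the TLS store settings")
    return findings
```

Run `audit_login_config()` on each node's file, since every node in the cluster carries its own `nifi.properties`.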
