Support Questions
Find answers, ask questions, and share your expertise

Problem login for first time in Nifi

New Contributor

I have my authorizers.xml with my user setting in Initial Admin Identity value. I acces the login page, but when I try to access, have this error message: Unable to perform the desired action due to insufficient permissions. Contact the system administrator. I remove the http port from nifi.properties, change the Inital Admin Identity, use the same that is in the Manager DN in nifi.properties, delete the users.xml and authorizations.xml to create again with my user, they are created with policy to add user and roles, but I cannot get the UI in Nifi to add other users and assign roles to them. Any help will be apreciated.

Regards

PD: Adding screen shots and the autorized code

<authorizer> <identifier>file-provider</identifier> <class>org.apache.nifi.authorization.FileAuthorizer</class> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Users File">./conf/users.xml</property> <property name="Initial Admin Identity">CN=Lxxxxx Axxxxx</property> <property name="Legacy Authorized Users File"></property> <!-- Provide the identity (typically a DN) of each node when clustered, see above description of Node Identity. <property name="Node Identity 1"></property> <property name="Node Identity 2"></property> --> </authorizer>


login.pngloginerror.png
1 ACCEPTED SOLUTION

Accepted Solutions

Master Guru
@Diego Labrador

Anytime you encounter the message "Unable to perform the desired action due to insufficient permissions. Contact the system administrator.", you are having an authorization issue. Authentication issues present different errors.

You should inspect your nifi-user.log while trying to access the UI to see what the exact string is being passed to the authorizer. By default with ldap as your configured login identity provider, the full DN for the user who logged in is passed to the authorizer. By the looks of the above you configured on the CN= as your initial admin identity. The string passed to the authorizer will be shown in nifi-user.log and must matcha exactly (Case sensitive and spaces count as valid characters also.

Thanks,

Mat

View solution in original post

4 REPLIES 4

Master Guru
@Diego Labrador

Anytime you encounter the message "Unable to perform the desired action due to insufficient permissions. Contact the system administrator.", you are having an authorization issue. Authentication issues present different errors.

You should inspect your nifi-user.log while trying to access the UI to see what the exact string is being passed to the authorizer. By default with ldap as your configured login identity provider, the full DN for the user who logged in is passed to the authorizer. By the looks of the above you configured on the CN= as your initial admin identity. The string passed to the authorizer will be shown in nifi-user.log and must matcha exactly (Case sensitive and spaces count as valid characters also.

Thanks,

Mat

View solution in original post

New Contributor

@Matt Clarke

Thanks for the answer, I just find out what the problem was. I authenticate against LDAP with my user name, not mi CN. So, when I change the Initial Admin Identity to my login name, all the problems were resolve. I find out this after reviewing the user log, as you suggest, and make the change. Now I'm adding user and assign policies to them.

Regards

New Contributor

please can you provide me the doc about how to create LDAP auth for user and password nifi