Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Setting User Login for my Apache NiFi

Labels:
avatar
author-rank MvZ
Explorer

Created ‎02-19-2024 10:32 PM

I'm just installing Apache Nifi on linux server with version 1.25 .

this is my nifi.properties :

#nifi.security=none
#nifi.security.autoreload.enabled=false
#nifi.security.autoreload.interval=10 secs
#nifi.security.keystore=
#nifi.security.keystoreType=PKCS12
#nifi.security.keystorePasswd=
#nifi.security.keyPasswd=
#nifi.security.truststore=
#nifi.security.truststoreType=PKCS12
#nifi.security.truststorePasswd=
#nifi.security.user.authorizer=
nifi.security.allow.anonymous.authentication=false
nifi.security.user.login.identity.provider=file-login-provider
#nifi.security.user.jws.key.rotation.period=PT1H
#nifi.security.ocsp.responder.url=
#nifi.security.ocsp.responder.certificate=

this is my users.xml :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
    <users>
        <!-- Add more users as needed -->
        <user identifier="ronald">
            <identity>ronald</identity>
            <!-- Replace CREDENTIAL_VALUE with the hashed password -->
            <credential>wyojiYY_R6FGaU-XZKg5K9Mai1NlZXizt_-KGyWsHBs=</credential>
        </user>
    </users>

    <groups>
        <!-- Define groups if needed -->
    </groups>

    <policies>
        <!-- Define access policies if needed -->
    </policies>
</tenants>

and this is my authorizers.xml :

    ...
    <policies>
        <!-- Define access policies -->
        <policy identifier="ronald_policy">
            <resource>/flow</resource>
            <action>read</action>
            <action>write</action>
            <action>delete</action>
            <user>ronald</user>
        </policy>
    </policies>
</authorizers>

I still got an error when starting the app :

Caused by: java.lang.Exception: The specified login identity provider 'file-login-provider' could not be found.
        at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean.getObject(LoginIdentityProviderFactoryBean.java:131)
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:169)
        ... 72 common frames omitted
2024-02-20 13:18:04,241 INFO [Thread-0] org.apache.nifi.NiFi Application Server shutdown started
1,508 Views
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created on ‎03-04-2024 07:30 AM - edited ‎03-04-2024 08:09 AM

@MvZ 

The "file-login-provider" login identity-provider has never existed in any out-of-the-box release of Apache NiFi.

If you have created or downloaded some custom implementation of this provider. You would need to consult with that author in getting it to work.
Where did you obtain this provider from and what process did you follow to add it to your NiFi installation?

The exception you have shared simply tells you that during startup NiFi is loading the nifi.properties file and the property "nifi.security.user.login.identity.provider" is configured with "file-login-provider"; however, when NiFi parsed the login-identity-providers.xml configuration file, no provider with:

<identifier>file-login-provider</identifier>

was found in that configuration file.

I can't provide any guidance on this provider as I was unable to find anything online about what I am expecting is a custom add-on provider.

The out-of-the-box available authentication providers are found in the NiFi documentation here:
Apache NiFi 1.2x versions: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
Apache NiFi 2.x versions: https://nifi.apache.org/documentation/nifi-2.0.0-M1/html/administration-guide.html#user_authenticati...

NiFi Authentication and Authorization are two different configurations and independent configurations.
Once you have chosen how you want to handle user authentication, you then move on to setting up user authorization:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization.

For file based authorization, NiFi offers two providers:
1. Older deprecated FileAuthorizer
2. The current StandardManagedAuthorizer

These providers are configured in the NiFi authorizers.xml file.  No direct useer policies get defined in the authorizers.xml file.  The FileAuthorizer or the FileAccessPolicyProvider referenced by the StandardManagedAuthorizer will generate the initial authorizations.xml file with the initial admin user configured in the provider chosen.  You would not typically manually generate or manipulate this file. Instead you would acces your NiFi's UI using that initial admin and define additional user authorizations directly via the NiFi UI.

Here is an example of what you would have in your authorizers.xml if using the StandardManagedAuthorizer:

<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">ronald</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">ronald</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>

 

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

1,394 Views
0 Kudos
3 REPLIES 3

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎02-20-2024 12:35 AM

@MvZ, Welcome to our community! To help you get the best possible answer, I have tagged our NiFi experts @MattWho @SAMSAL @cotopaul @TimothySpann who may be able to assist you further.

Please feel free to provide any additional information or details about your query, and we hope that you will find a satisfactory solution to your question.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
1,486 Views

avatar
author-rank TimothySpann author-rank
Master Guru

Created ‎02-20-2024 05:55 AM

file-login-provider is no longer a thing, maybe do single user

 

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication

 

https://community.cloudera.com/t5/Support-Questions/Apache-NiFi-user-authentication-creation-of-mult...

nifi.security.user.login.identity.provider=single-user-provider

1,475 Views

avatar
author-rank MattWho author-rank
Master Mentor

Created on ‎03-04-2024 07:30 AM - edited ‎03-04-2024 08:09 AM

@MvZ 

The "file-login-provider" login identity-provider has never existed in any out-of-the-box release of Apache NiFi.

If you have created or downloaded some custom implementation of this provider. You would need to consult with that author in getting it to work.
Where did you obtain this provider from and what process did you follow to add it to your NiFi installation?

The exception you have shared simply tells you that during startup NiFi is loading the nifi.properties file and the property "nifi.security.user.login.identity.provider" is configured with "file-login-provider"; however, when NiFi parsed the login-identity-providers.xml configuration file, no provider with:

<identifier>file-login-provider</identifier>

was found in that configuration file.

I can't provide any guidance on this provider as I was unable to find anything online about what I am expecting is a custom add-on provider.

The out-of-the-box available authentication providers are found in the NiFi documentation here:
Apache NiFi 1.2x versions: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
Apache NiFi 2.x versions: https://nifi.apache.org/documentation/nifi-2.0.0-M1/html/administration-guide.html#user_authenticati...

NiFi Authentication and Authorization are two different configurations and independent configurations.
Once you have chosen how you want to handle user authentication, you then move on to setting up user authorization:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization.

For file based authorization, NiFi offers two providers:
1. Older deprecated FileAuthorizer
2. The current StandardManagedAuthorizer

These providers are configured in the NiFi authorizers.xml file.  No direct useer policies get defined in the authorizers.xml file.  The FileAuthorizer or the FileAccessPolicyProvider referenced by the StandardManagedAuthorizer will generate the initial authorizations.xml file with the initial admin user configured in the provider chosen.  You would not typically manually generate or manipulate this file. Instead you would acces your NiFi's UI using that initial admin and define additional user authorizations directly via the NiFi UI.

Here is an example of what you would have in your authorizers.xml if using the StandardManagedAuthorizer:

<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">ronald</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">ronald</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>

 

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

1,395 Views
0 Kudos
webinar banner
Announcements
What's New @ Cloudera
Cloudera Streams Messaging Operator 1.1
What's New @ Cloudera
From Silos to Synergy: Unifying Data Warehousing and AI
What's New @ Cloudera
Cloudera Streaming Analytics 1.13 for Private Cloud Base
What's New @ Cloudera
Get started with Cloudera Data Engineering on AWS Graviton a...
What's New @ Cloudera
[NEW] Cloudera Data Engineering 1.22 for Public Cloud: Suppo...
View More Announcements