Unable to integrate NiFi 1.15.3 with Azure AD

I have tried enabling "azure-graph-user-group-provider" in my NiFi 1.15.3, and I'm getting multiple errors when I complete the configuration of nifi.properties and authorizers.xml, and NiFi is not starting.
Error getting:
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.security.configuration.AuthenticationSecurityConfiguration': Unsatisfied dependency expressed through constructor parameter 2; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is java.lang.UnsupportedOperationException: JsonNull
Current nifi.properties configuration:
# OpenId Connect SSO Properties #
nifi.security.user.oidc.discovery.url=https://login.microsoftonline.com/543*****-****/v2.0/.well-known/openid-configuration
nifi.security.user.oidc.connect.timeout=5 secs
nifi.security.user.oidc.read.timeout=5 secs
nifi.security.user.oidc.client.id=f37e8c38-******
nifi.security.user.oidc.client.secret=GZI7Q~RGEL-*******
nifi.security.user.oidc.preferred.jwsalgorithm=
nifi.security.user.oidc.additional.scopes=profile
nifi.security.user.oidc.claim.identifying.user=upn
nifi.security.user.oidc.fallback.claims.identifying.user=
Authorizers.xml
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">CN=admin, OU=NiFi</property>
    </userGroupProvider>

    <userGroupProvider>
        <identifier>azure-graph-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.azure.AzureGraphUserGroupProvider</class>
        <property name="Refresh Delay">5 mins</property>
        <property name="Authority Endpoint">https://login.microsoftonline.com</property>
        <property name="Directory ID">94416a-b*****-*****-****</property>
        <property name="Application ID">e37e88-*****-*****-****</property>
        <property name="Client Secret">TZDSQ~*****-*****-****</property>
        <!--<property name="Group Filter Prefix">Nifi-AAD</property>-->
        <property name="Group Filter Suffix"></property>
        <property name="Group Filter Substring"></property>
        <property name="Group Filter List Inclusion"></property>
        <property name="Page Size">55</property>
        <property name="Claim for Username">upn</property>
    </userGroupProvider>

    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">CN=admin, OU=NiFi</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
        <property name="Node Group"></property>
    </accessPolicyProvider>

    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>

    <authorizer>
        <identifier>single-user-authorizer</identifier>
        <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class>
    </authorizer>
</authorizers>
It would be much appreciated if anybody can help with this at the earliest.

Thanks in advance!