Hello all,
Please bear with me if I ask a simple/basic question. I am new to NiFi and appreciate your patience and support.
I am setting up secure NiFi in 2 clusters. I am using NiFi 1.15.3 version in my setup. My cluster 1 has nodes: node1, node2, node3 and cluster 2 has nodes: node4, node5, node6.
I have created certificates in my organization by setting node1 as primary node and other nodes as alternative nodes. I use the same certificates in both clusters since I added all the nodes to the certificate when creating it.
My cluster 1 starts and I can able to login to web ui with admin user without any issues. However, my cluster 2 starts without any issues but when I try to login, it throws:
Insufficient permission. Untrusted proxy CN=node1, O=xxxx, L=yyyy, ST=zzzz, C=US
and in logs:
o.a.n.w.s.NiFiAuthenticationFilter Authentication Failed GET https://node4:8443/nifi-api/flow/current-user [Untrusted proxy CN=node1, O=xxxx, L=yyyy, ST=zzzz, C=US]
As a part of troubleshooting, I added the node1 as initial user and node identity in cluster 2's authorizers.xml file. After deleting users.xml and authorizations.xml and restarting the NiFi, I was able to login to web UI.
My questions:
1. Should I add the certificate's primary node as initial user and node identity where ever I use this certificate?
2. What if the primary node went down for some reason. Will it cause any issue?
Appreciate any help on this.
Regards
