Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Untrusted proxy CN=rang2, OU=NIFI

avatar
New Contributor

I am getting error Untrusted proxy CN=rang2, OU=NIFI while trying to log into NiFi UI .

Follow this page I enable SSL for Nifi ,but meet one mistake as he say and can't solve it by myself.

https://community.hortonworks.com/articles/58009/hdf-20-enable-ssl-for-apache-nifi-from-ambari.html

In Ambari UI, I've set Node Identities in Advanced nifi-ambari-ssl-config:

<!-- Provide the identity (typically a DN) of each node when clustered (see tool tip for detailed description of Node Identity). Must be specified when Ranger Nifi plugin will not be used for authorization. -->

<property name="Node Identity 1">CN=rang2, OU=NIFI</property>

And in authorizers.xml, it seems to work:

        <authorizer>
        <identifier>ranger-provider</identifier>


        <class>org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer</class>
        <property name="Ranger Audit Config Path">/usr/hdf/current/nifi/conf/ranger-nifi-audit.xml</property>
        <property name="Ranger Security Config Path">/usr/hdf/current/nifi/conf/ranger-nifi-security.xml</property>
        <property name="Ranger Service Type">nifi</property>
        <property name="Ranger Application Id">nifi</property>
        <property name="Ranger Admin Identity">CN=mytest, OU=NIFI</property>


        <property name="Ranger Kerberos Enabled">true</property>








<!-- Provide the identity (typically a DN) of each node when clustered (see tool tip for detailed description of Node Identity). Must be specified when Ranger Nifi plugin will not be used for authorization. -->


<property name="Node Identity 1">CN=rang2, OU=NIFI</property>


        </authorizer>
        </authorizers>

But this error happened when I set policies by Ranger UI and try to login nifi. Any suggestions?

1 ACCEPTED SOLUTION

avatar
Super Mentor
@wang ling

The "<propertyname="Node Identity 1">CN=rang2, OU=NIFI</property>" property in the authorizers.xml is only used when using NiFi's default file based authorization provider. It does not apply when using Ranger as your authorization provider.

-

In Ranger, you will need to make sure the user "CN=rang2, OU=NIFI" exists and has been give access to the "/proxy" NiFi Resource Identifier.

-

Thank you,

Matt

-

If you found this answer addressed your question, please take moment to login and click "accept" below the answer.

View solution in original post

2 REPLIES 2

avatar
Super Mentor
@wang ling

The "<propertyname="Node Identity 1">CN=rang2, OU=NIFI</property>" property in the authorizers.xml is only used when using NiFi's default file based authorization provider. It does not apply when using Ranger as your authorization provider.

-

In Ranger, you will need to make sure the user "CN=rang2, OU=NIFI" exists and has been give access to the "/proxy" NiFi Resource Identifier.

-

Thank you,

Matt

-

If you found this answer addressed your question, please take moment to login and click "accept" below the answer.

avatar
New Contributor

Thanks, followed your advice I've solved this problem. I didn't realize that nifi host should also authoried by Ranger.