Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Untrusted proxy in Kerberized NiFi

Untrusted proxy in Kerberized NiFi

Contributor

After a series of setups, I am getting an error - "Insufficient Permission, Untrusted proxy" while trying to login in to NiFi. Any suggestions?

My Environment (only listed relevance):

HDP-3.1.0.0 (3.1.0.0-78)
NiFi 1.7.0
Kerberized with AD (Win 2012R2) 

NiFi Properties:

Service Property Value
NiFi Encrypt Configuration Master Key Password Centos$168Centos$168
NiFi Sensitive property values encryption password Centos$168Centos$168
NiFi Enable SSL TRUE
NiFi Clients need to authenticate TRUE
NiFi NiFi CA Token Centos$168Centos$168
NiFi Initial Admin Identity CN=hadoopadmin, OU=LAB.HORTONWORKS.NET
NiFi NiFi CA DN suffix , OU=LAB.HORTONWORKS.NET
NiFi Node Identities <property name="Node Identity 1">CN=hdp311.lab.hortonworks.net, OU=LAB.HORTONWORKS.NET</property>
NiFi nifi.security.identity.mapping.pattern.dn ^CN=(.*?), OU=(.*?)$
NiFi nifi.security.identity.mapping.value.dn $1
NiFi nifi.security.identity.mapping.pattern.kerb ^(.*?)@(.*?)$
NiFi nifi.security.identity.mapping.value.kerb $1

Note: No authorizations.xml file.

Ranger Policies:

Ranger Policy Permissions User
/flow Read hadoopadmin
/proxy Read, Write hadoopadmin
/data/* Read, Write hadoopadmin
/* Read, Write hadoopadmin

NiFi URL:

https://hdp311.lab.hortonworks.net:9091/nifi/

NiFi Error from browser:

Login Error

Error Message from /var/log/nifi/nifi-user.log:

2019-02-07 13:17:59,472 INFO [NiFi Web Server-18] o.a.n.w.a.c.AccessDeniedExceptionMapper <no user found> does not have permission to access the requested resource. Kerberos validation n$

2019-02-07 13:17:59,496 INFO [NiFi Web Server-20] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response.

2019-02-07 13:17:59,520 INFO [NiFi Web Server-22] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[anonymous], groups[none] does not have permission to access the requested resource. Una$

2019-02-07 13:18:12,333 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://hdp311.lab.hortonworks.net:9091/nifi-api/flow/curren$

2019-02-07 13:18:12,336 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for hadoopadmin

2019-02-07 13:18:12,396 INFO [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<hadoopadmin><CN=hdp311.lab.hortonworks.net, OU=LAB.HORTONWORKS.NET>) GET htt$

2019-02-07 13:18:12,397 WARN [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted proxy hdp311.lab.hortonworks.net

Don't have an account?
Coming from Hortonworks? Activate your account here