Hello @PepeVo,  Thanks for being part of our community.  On NiFi 2 the HTTPS is expected, that is the reason why the service does not start:  Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flowController' defined in class path resource [org/apache/nifi/framework/configuration/FlowControllerConfiguration.class]: Failed to instantiate [org.apache.nifi.controller.FlowController]: Factory method 'flowController' threw exception with message: Remote input HTTPS is enabled but nifi.web.https.port is not specified. If you do not want to use HTTPS, you should disable the secure input port with this setting:  nifi.remote.input.secure=false The default is true, so it always asks for HTTPS port.  The suggestion is to use HTTPS for security reasons, but if you still prefer HTTP, that is the option.  ... View more

Hello @TyTheNiFiGuy,  Thanks for being part of our community.  I was checking that NiFi Registry does not have support for asymmetric RSA such as RS256.  That is a limitation itself, and not a problem in your token.  The log do tell this:  2026-01-02 18:22:27,220 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut Caused by: java.lang.IllegalArgumentException: The default resolveSigningKey(JwsHeader, Claims) implementation cannot be used for asymmetric key algorithms (RSA, Elliptic Curve).  Override the resolveSigningKey(JwsHeader, Claims) method instead and return a Key instance appropriate for the RS256 algorithm.  Checking the code, I see that only HS256 is supported:  private static final MacAlgorithm SIGNATURE_ALGORITHM = Jwts.SIG.HS256; https://github.com/apache/nifi/blob/9998b6d9ce21a66db240ff6131fc882002285e8b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/jwt/JwtService.java#L53C1-L54C1  ... View more

Hello @samlex,  Thanks for joining our community.  I do not know exactly how this fits Cloudera scope, but very interesting question.  Reading some other information and searching for that, I found other patents that do have PSHUFB used.  For example:  https://patents.google.com/patent/US11848686B2/en  https://patents.google.com/patent/US11362678B2/en  Can you tells us more how this relates to Cloudera? Maybe we can get some specific help on that field if this applies.  ... View more

Hello @OlivierCS,  Thanks for being part of this community.  I think this applies to https://issues.apache.org/jira/browse/NIFI-14841.  This looks like there are some issues known on NiFi 2.4 about load distribution.  According to the Jira, it's solved in 2.6.  Do you have this NiFi standalone or it's CFM? If standalone, you may take a look and consider using that newer version.  Maybe other members on the community have more ideas to share.   ... View more

Hello @blackboks,  Thanks for being part of our community.  That error you're facing looks like it's from Java side, not from NiFi.  This appears when no timezone information is provided during the request.  Maybe these two forums can help you find where in your query is missing that:  https://java2blog.com/format-instant-to-string-java/ https://stackoverflow.com/questions/25229124/unsupportedtemporaltypeexception-when-formatting-instant-to-string  ... View more

Hello @fy-test,  Thanks for being part of our community.  That could be something normal, NiFi Registry 2.6 is a stable version released on September 21st.  https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version2.6.0 Now, those results can be true, but the scanner should tell the CVE-XXXX-XXX IDs With those you can review if they are reported or not.  If you are using CDF you can open a case with Cloudera and report those CVEs for review.   ... View more

Hi again @spartakus,  Adding more information, as mentioned, natively, it looks like it's not supported.  But here there is a Jira that explains the behavior and some steps they made:  https://issues.apache.org/jira/browse/NIFI-6152  ... View more

Hello @spartakus,  Thanks for being part of our community.  I do not see any specific way to configure OIDC through a proxy natively.  As far as I know, no properties have been designed for that.  I was searching and an option you can try is using the bootstrap options to forward all HTTP and HTTPS requests to proxy, that would include the OIDC too, but you need to confirm if this would affect your flows or not:  -Dhttp.proxyHost=proxy.myproxy.com -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy.myproxy.com -Dhttps.proxyPort=8080 ... View more

Hello @Pedro_E,  Thanks for being part of our Cloudera Community.  I was checking the log and error and there is no much information more than that:  org.apache.hadoop.yarn.exceptions.YarnRuntimeException: org.apache.hadoop.yarn.exceptions.YarnRuntimeException: Received SHUTDOWN signal from Resourcemanager, Registration of NodeManager failed, Message from ResourceManager: Disallowed NodeManager from host.company.com, Sending SHUTDOWN signal to the NodeManager. Note: you uploaded full log with hostnames and more, maybe you want to edit that to exclude private information.  That error is telling us the RM is rejecting the NM to be registered.  This could be for an issue with a busy port or name resolution.  Make sure that RM can resolve the FQDN properly, and same on the NM with the RM name.  If not, solve that issue by fixing DNS or adding the info to hosts file.  Also, if possible, restart the OS on that NM, that will clear any hanging process that may be using the ports needed for this registration.  If you still face the issue, it would be worth seeing the RM log when you face the issue with the registration.  ... View more