@rajeshfss - Refer to the Registry docs -- Running registry and streamline web-services securely. ... View more

@data-light  NiFi nodes will always be authenticated via the clientAuth certificate they present.  The Owner DN from the node's PrivateKeyEntry in the keystore file is what is used.  What is important to know is that NiFi provides a mechanism that can trim/modify those full DNs through the uses of identity mapping properties [1]that users can configure in the nifi.properties file.  After a mapping is applied against an identity string the resulting mapped value is what is actually passed to the configured NiFi Authorizer. So within the authorizer, that now mapped value is what the authorization policies need to be mapped to. The nifi-user.log will show the mapped value (case sensitive) that is being used during authorization.  So if you see only "Nifi-node-0" in the nifi-user.log, then that exact string is what needs to exist in your authorizer and have policy assigned to it.  If the nifi-user.log was showing "cn=Nifi-node-0, ou=mycompany, ou=nifi", then that full DN would need to be present in your authorizer with assigned policies. So you will want to get a verbose output of your nodes keystore files, your nifi.properties file to see what identity mapping patterns have been set, and the authorizers.xml to see how your authorization setup is done, and the nifi-user.log.  [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#identity-mapping-properties Hope this helps address your question. IF so, please take a moment to login and click "Accept" on this solution.   Thank you, Matt ... View more

How can i convert some of the fields based on this validation?. Can i perform validation based on a particular data type alone?. Thanks ... View more

@louis_allen  You should avoid asking additional questions on an existing post that already has an accepted solution.  If the accepted solution does not resolve your issue that you may be having a different problem.   You would get better visibility and a help if you were to start a new question. That being said, if you are having a "javax.net.ssl.SSLHandshakeException", you issue is during client authentication and have not even the point of verifying client authorization.  So you need to take a closer look at the keystores and truststores you have setup on both your NiFi and NiFi-Registry to make sure that a mutual TLS handshake can be successfully negotiated. Feel free to ping me if you start a new community question. Hope this helps, Matt ... View more

@alim Do you have any update on this? Is there a preferred way to handle HA?   Thanks, Alex ... View more

Hi @jaypee, I'm also facing a similar issue, is yours resolved?   Thanks, Shivansh ... View more

@nifi_pista , as this is an older article, you would have a better chance of receiving a resolution by starting a new thread. This will also provide the opportunity to provide details specific to your environment that could aid others in providing a more accurate answer to your question.  ... View more

@JeanGuzman , As this is an older article, you would have a better chance of receiving a resolution by starting a new thread. This will also provide the opportunity to provide details specific to your environment that could aid others in providing a more accurate answer to your question.  ... View more

Hi Alim , thanks for this very wonderful post on using Nifi as CDC. Is there a provision in Nifi to use something similar for Oracle Database ? ... View more

Here is a link of 5.5 hours of free Apache NiFi course.    https://www.udemy.com/course/apache-nifi-latest-course/?couponCode=LATESTNIFI ... View more