Member since
08-10-2017
108
Posts
2
Kudos Received
7
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
2948 | 01-28-2019 08:41 AM | |
4962 | 01-28-2019 08:35 AM | |
2724 | 12-18-2018 05:42 AM | |
7969 | 08-16-2018 12:12 PM | |
3050 | 07-24-2018 06:55 AM |
06-07-2018
08:11 AM
HI All, In our cluster NIFI is SSL enabled. Ranger is not SSL enabled. Both NIFI and Ranger are integrated with AD/LDAP. Before enabling NIFI plugin in Ranger, our AD/LDAP users are able to see NIFI UI. But after enabling NIFI plugin in Ranger, our AD/LDAP users are not able to see NIFI UI. We are getting following message on NIFI screen: Insufficient Permissions
Untrusted proxy CN=*.test.com, OU=NIFI nifi-user.log shows Authentication success but Untrusted proxy error as follows: 2018-06-07 07:00:13,447 INFO [NiFi Web Server-19] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://usdf24v0075.test.com:9091/nifi-api/flow/current-user (source ip: 10.23.118.51)
2018-06-07 07:00:13,449 INFO [NiFi Web Server-19] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for test-user
2018-06-07 07:00:13,612 INFO [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<test-user><CN=*.test.com, OU=NIFI>) GET https://usdf24v0075.test.com:9091/nifi-api/flow/current-user (source ip: 10.23.132.140)
2018-06-07 07:00:13,615 WARN [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted proxy CN=*.test.com, OU=NIFI
I have also deleted authorizers.xml and users.xml file from NIFI node and restarted NIFI as well. How to resolve it.? Please suggest. Thanks
... View more
Labels:
05-17-2018
10:16 AM
@Vishal Dhavale @Andy LoPresto @Sandeep Nemuri @Rishi @dvillarreal... Please suggest
... View more
05-17-2018
10:09 AM
@Geoffrey Shelton Okot, here is the info: In hue.ini, under besswax I set following: [[ssl]] # SSL communication enabled for this server. (optional since Hue 3.8) enabled=true # Path to Certificate Authority certificates. cacerts=/home/dev/hive-certificate/ca-chaincert.pem # Choose whether Hue should validate certificates received from the server. validate=true ca-chaincert.pem has following certificates: echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'> hadmgrndcc03-2.test.org.pem keytool -import-alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem keytool -import-alias rootca -file rootca -keystore ca-chaincert.pem keytool -import-alias intermediate -file intermediate -keystore ca-chaincert.pem
... View more
05-17-2018
06:20 AM
@Geoffrey Shelton Okot, could you please share link.
... View more
05-16-2018
11:47 AM
@Geoffrey Shelton Okot, I haven't set cacert path. Do we need to import certificates of Hive servers in cacert file? How can I create cacert file? We have internal CA signed certificate for Hive.
... View more
05-16-2018
11:20 AM
@Geoffrey Shelton Okot, What about cacert? do we need to include it?
... View more
05-16-2018
07:21 AM
@Neeraj Sabharwal @Kuldeep Kulkarni @Alexandru Anghel @Andy LoPresto ...Please suggest.
... View more
05-15-2018
12:17 PM
Hi, We are using HDP-2.3.4.0 and Hue-3.8 in our environment. We have enabled SSL for Hiveserver2. We haven't enabled SSL for Hue. Now, when we are trying to access SSL enabled Hive through Hue we are getting following error: Error!
Failed to retrieve tables for database: default
[Errno 185090050] _ssl.c:344: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
In hue.ini, under besswax I set following: [[ssl]]
# SSL communication enabled for this server. (optional since Hue 3.8)
enabled=true
# Path to Certificate Authority certificates.
cacerts=/home/dev/hive-certificate/ca-chaincert.pem
# Choose whether Hue should validate certificates received from the server.
validate=true ca-chaincert.pem has following certificates: echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > hadmgrndcc03-2.test.org.pem
keytool -import -alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem
keytool -import -alias rootca -file rootca -keystore ca-chaincert.pem
keytool -import -alias intermediate -file intermediate -keystore ca-chaincert.pem
How to access SSL enabled Hive through Hue? What configurations needs to be done? Please suggest. Thanks.
... View more
Labels:
- Labels:
-
Apache Hive
-
Cloudera Hue
05-11-2018
09:55 AM
Thanks @Rishi
... View more
05-11-2018
09:43 AM
@Rishi, in which HDP version is it fixed?
... View more