Hey MattWho, I gotta say, THANK YOU so much for writing this guide. Seriously, this saved me sooo much time, having zero experience with setting up SSL chains. Really appreciate everything you've done to help me/us get nifi working!! ... View more

Thanks so much Matt!! You've been a huge help in getting my mind wrapped around all of this. If you can't tell, I'm a bit new to authentication and authorization! I really appreciate everything you've done to point me in the right direction. If things go as planned, I *should* have a NiFi node working by the end of the day! Here's one more for you, though. I'm having to reinstall the NiFi service on a new host because some property values are messed up after all of my tinkering trying to get things to work. The node will start up, HTTPS will be working, I can successfully log into the WebUI, but then after ~5 minutes or so, something happens and it reverts to trying to use HTTP and reports that it is trying to connect to the site on the HTTP port and fails to do so. I believe everything is configured in CM properly but there are some local configs that aren't right, or profiles that need to be deleted in order for new (correct) profiles to be created automatically. If this rings any bells I would love to learn more about how to fix it, but for now it seems the best thing to do is to do a fresh install. Aloha! ... View more

I assumed as such, actually! My bad for not communicating that I'm configuring from within CM. We don't have a support license yet, but are hoping to ASAP. Just for basic, SIMPLE LDAP authentication should I need to configure safety valves? It seems like I should be able to get it working with the configurations available. However, it's getting stuck somewhere. I can connect to the server via HTTPS and I get a login screen. Should I be able to log in without LDAP using the initial admin + master password? ... View more

Thanks so much Matt!! So, security is working now. BUT no luck logging in with ldap yet. Do I need to configure the safety valves in order to access   login-identity-providers.xml [root@nifi /]# find . -name login-identity-providers.xml ./run/cloudera-scm-agent/process/196-nifi-NIFI_NODE/login-identity-providers.xml ./run/cloudera-scm-agent/process/196-nifi-NIFI_NODE/aux/defaults/login-identity-providers.xml ./run/cloudera-scm-agent/process/195-nifi-NIFI_NODE/login-identity-providers.xml ./run/cloudera-scm-agent/process/195-nifi-NIFI_NODE/aux/defaults/login-identity-providers.xml ./run/cloudera-scm-agent/process/194-nifi-NIFI_NODE/login-identity-providers.xml ./run/cloudera-scm-agent/process/194-nifi-NIFI_NODE/aux/defaults/login-identity-providers.xml ./run/cloudera-scm-agent/process/181-nifi-NIFI_NODE/login-identity-providers.xml ./run/cloudera-scm-agent/process/181-nifi-NIFI_NODE/aux/defaults/login-identity-providers.xml   Are there multiple processes running as a security measure, or is something on configured properly? I have no idea which login-identity-providers.xml to edit! ... View more

I've been trying to get this to work for many days now and keep running into issues, so I would appreciate any input anyone has to offer on this. I need to enable a self-signed TLS 1.2 cert for HTTPS on the single NiFi node in my cluster in order to authenticate via LDAP. Jetty is the current webserver running on NiFi, and everything is working fine except there is no authentication method so anyone who has access to it can go in and make changes. I've read the documentation provided quite a bit, but still have many questions unanswered. Is NiFi Toolkit CA  primarily for securing multiple NiFi Nodes, or should I be using it to get HTTPS set up on the server? ... View more

Will do, Thanks @MattWho. I actually didn't realize that NiFi can't be authenticated via HTTP until after putting many, many hours into trying to get it to work! I'm not sure if you're involved with writing the documentation for CFM or not, but it may be beneficial to make it more clear that LDAP Authentication via HTTP isn't possible. I'm on to setting up TLS now, but if I have more issues I will ask in community. Thanks so much for your help. I hope no one else spends as much time as I did trying to troubleshoot why auth wasn't working for HTTP! Derp... Aloha 🙂 ... View more

Thanks so much! I've noted this for future issues. After trying everything I could, I ended up just reinstalling on a different host. I've got another (probably simple!) question for you though regarding NiFi. I've followed every step on the documentation trying to set up LDAP login via Active Directory user accounts, and even after selecting ldap as the auth method, connecting to the nifi webclient UI sends me right into the UI without entering any login credentials. I've been trying to figure out how to integrate LDAP login for the better part of a week now by following the Cloudera CFM 1.0.1 documentation. ... View more

The problem was that I did not have my database host connected. For some reason I thought that I had set up the database to be internal without the SCM host, but I was wrong! I decomissioned the database host and it prevented heartbeating from happening. ... View more