Member since
03-24-2015
16
Posts
1
Kudos Received
2
Solutions
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| 1677 | 05-23-2022 08:05 PM |
03-19-2023
02:54 AM
Hi @dmharshit In case you have empty x_portal_user table, you can re-init your db with ranger init script "range_core_db_<db-type>.sql" Here is example command for mysql: $ mysql -h hostname -u user ranger < `locate ranger_core_db_mysql.sql` Restart Ranger then login with admin/admin.
... View more
05-23-2022
08:05 PM
I answer my own question. This is due to wrong user login format. It should be in email format. Change this efm.security.user.auth.adminIdentities=admin to efm.security.user.auth.adminIdentities=admin@domain.com Thank you.
... View more
05-23-2022
02:12 AM
Hi, I've been successfully secure EFM to Keycloak server with oidc auth. But Minifi agent wont show up in EFM Dashboard. I've check both EFM and minifi log but not found any clues. Need your help. Here my conf/efm.properties config: # Web Server TLS Properties efm.server.ssl.enabled=true efm.server.ssl.keyStore=/home/efm/certs/keystore.jks efm.server.ssl.keyStoreType=jks efm.server.ssl.keyStorePassword=ksPasswd efm.server.ssl.keyPassword=ksPasswd efm.server.ssl.trustStore=/home/efm/certs/truststore.jks efm.server.ssl.trustStoreType=jks efm.server.ssl.trustStorePassword=changeit efm.server.ssl.clientAuth=WANT # User Authentication Properties efm.security.user.auth.enabled=true efm.security.user.auth.adminIdentities=admin efm.security.user.auth.autoRegisterNewUsers=true efm.security.user.auth.authTokenExpiration=12h efm.security.user.certificate.enabled=true efm.security.user.oidc.enabled=true efm.security.user.oidc.issuerUri=https://keycloak.domain.com:8443/realms/efm efm.security.user.oidc.clientId=efm efm.security.user.oidc.clientSecret=gW23NlKxOfdsFmJMiarFNcXs454g1Zk4ZTew4 efm.security.user.oidc.scopes=profile,email efm.security.user.oidc.usernameAttribute=email efm.security.user.oidc.displayNameAttribute=name efm.security.user.oidc.staticConfig.enabled=false efm.security.user.oidc.staticConfig.authorizationUri= efm.security.user.oidc.staticConfig.tokenUri= efm.security.user.oidc.staticConfig.userInfoUri= efm.security.user.oidc.staticConfig.jwkSetUri= Minifi conf/bootstrap.conf: # Security Properties # # These properties take precedence over any equivalent properties specified in config.yml # nifi.minifi.security.keystore=/home/minifi/certs/keystore.jks nifi.minifi.security.keystoreType=jks nifi.minifi.security.keystorePasswd=ksPasswd nifi.minifi.security.keyPasswd=ksPasswd nifi.minifi.security.truststore=/home/minifi/certs/truststore.jks nifi.minifi.security.truststoreType=jks nifi.minifi.security.truststorePasswd=changeit nifi.minifi.security.ssl.protocol=TLSv1.2 nifi.minifi.sensitive.props.key=myEfmPassword123456 nifi.minifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL nifi.minifi.sensitive.props.provider=BC # MiNiFi Command & Control Configuration # C2 Properties # Enabling C2 Uncomment each of the following options # define those with missing options nifi.c2.enable=true ## define protocol parameters nifi.c2.rest.url=https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat nifi.c2.rest.url.ack=https://efm.domain.com:10090/efm/api/c2-protocol/acknowledge ## heartbeat in milliseconds. defaults to once a second nifi.c2.agent.heartbeat.period=1000 ## define parameters about your agent nifi.c2.agent.class=java-linux # Optional. Defaults to a hardware based unique identifier nifi.c2.agent.identifier=ip221 ## Define TLS security properties for C2 communications nifi.c2.security.truststore.location=/home/minifi/certs/truststore.jks nifi.c2.security.truststore.password=changeit nifi.c2.security.truststore.type=JKS nifi.c2.security.keystore.location=/home/minifi/certs/keystore.jks nifi.c2.security.keystore.password=ksPasswd nifi.c2.security.keystore.type=JKS nifi.c2.security.need.client.auth=true Minifi Logs: $ tail -f logs/minifi-bootstrap.log 2022-05-23 15:15:24,241 INFO [MiNiFi Bootstrap Command Listener] o.apache.nifi.minifi.bootstrap.RunMiNiFi The thread to run Apache MiNiFi is now running and listening for Bootstrap requests on port 37443 2022-05-23 15:15:29,119 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:29,813 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:30,803 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:31,784 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:32,778 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:33,782 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:34,779 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:35,773 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:36,778 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:37,776 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat 2022-05-23 15:15:38,771 INFO [pool-2-thread-1] o.a.n.m.b.s.r.RestHeartbeatReporter Performing request to https://efm.domain.com:10090/efm/api/c2-protocol/heartbeat EFM version efm-1.4.0.0-125 MiNiFi version minifi-0.6.0.1.3.1.0-68 References: - Agent authentication (cloudera.com) - https://nizan-shookroun.medium.com/install-and-configure-minifi-agents-f22a0cc09622
... View more
Labels:
- Labels:
-
Apache MiNiFi
-
Security