About jai1gupta

jai1gupta · ‎11-02-2023

@MattWho after changing the nifi.security.user.oidc.truststore.strategy to NIFI my error got resolved. now when i access the nifi on browser i get this error i think this error is because my nifi is not secured over https. i've already ran this command please tell me what can i do next to make it secured. Thanks

jai1gupta · ‎10-31-2023

@MattWho @SAMSAL @cotopaul

jai1gupta · ‎10-31-2023

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://accounts.google.com/.well-known/openid-configuration": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; this is error which im getting my nifi.properties file is as follows :- nifi.security.autoreload.enabled=false nifi.security.autoreload.interval=10 secs nifi.security.keystore=./conf/keystore.jks nifi.security.keystoreType=jks nifi.security.keystorePasswd=tyiImfLpqM5/qX1l0VsjK7sxhQx5YZFOZgstogGz8Ek nifi.security.keyPasswd=tyiImfLpqM5/qX1l0VsjK7sxhQx5YZFOZgstogGz8Ek nifi.security.truststore=./conf/truststore.jks nifi.security.truststoreType=jks nifi.security.truststorePasswd=vFF0nH+45S5ESohcQsH37s/bqJ/Kmy5RiHpL+ZWo2VU nifi.security.user.authorizer=managed-authorizer nifi.security.allow.anonymous.authentication=false nifi.security.user.login.identity.provider= nifi.security.user.jws.key.rotation.period=PT1H nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= # OpenId Connect SSO Properties # nifi.security.user.oidc.discovery.url=https://accounts.google.com/.well-known/openid-configuration nifi.security.user.oidc.connect.timeout=5 secs nifi.security.user.oidc.read.timeout=5 secs nifi.security.user.oidc.client.id=/*my generated client id*/ nifi.security.user.oidc.client.secret=/*my generated client secret*/ nifi.security.user.oidc.preferred.jwsalgorithm= nifi.security.user.oidc.additional.scopes=offline_access nifi.security.user.oidc.claim.identifying.user= nifi.security.user.oidc.fallback.claims.identifying.user= nifi.security.user.oidc.claim.groups=groups nifi.security.user.oidc.truststore.strategy=JDK nifi.security.user.oidc.token.refresh.window=60 secs authorizers.xml is as follows:- <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">myemailID@gmail.c</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">myemailID@gmail.com</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1"></property> <property name="Node Group"></property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> i also added cerficate for accounts.google.com in /conf/truststore.jks and cacerts in JRE and i'm still getting the same error. this is google api console setup as of now i'm trying to follow this article https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect please help me in fixing this issue. Thanks and Regards.

jai1gupta · ‎10-27-2023

Hi @MattWho thanks for the fast reply. i'm using nifi 1.23.2. so after version 1.14 isn't nifi secured over https by default?

jai1gupta · ‎10-27-2023

@MattWho @SAMSAL @cotopaul

jai1gupta · ‎10-27-2023

I am new to Apache NiFi and have a fresh apache NiFi instance on my local system and i want to create 3 users and authenticate them with openID/google oAuth from their email ID( instead of seeing the usual NiFi login screen, i want to see the google authentication window where i can use my email id to login). i tried to follow the bryan bende's article on it but it feels very outdated for now. (https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect) please help me with this and provide me with a step-by-step breakdown on how can i achieve this? Thanks

jai1gupta · ‎10-26-2023

@MattWho

jai1gupta · ‎10-26-2023

i generated a .p12 certificate using tls-toolkit by using following command :- ./tls-toolkit.sh standalone -n 'localhost' -B admin1admin -C 'CN=admin,OU=lending' when i try to upload this certificate in keychain access, it shows invalid password and after trying multiple time with the correct password, an error is thrown "mac verification failed during pkcs12 import (wrong password?)". please help me in solving this issue.

jai1gupta · ‎10-26-2023

Hi matt, can you kindly some detailed explanation on how do i create multiple authorizers.xml like if can change in the existing authorizers.xml or do i need to create new authorizer file and if yes how can i integrate it with the config files? that would be really helpful and kind of you thanks and regards

Online	Offline
Last Visited	‎11-06-2023 02:36 AM

Member Since	‎10-26-2023 12:47 AM
Last Visited	‎11-06-2023 02:36 AM
Posts	9

Cloudera Community

Re: trying to authenticate nifi with openID using ...

Re: trying to authenticate nifi with openID using ...

trying to authenticate nifi with openID using goog...

Re: Apache NiFi user authentication + creation of ...

Re: Apache NiFi user authentication + creation of ...

Apache NiFi user authentication + creation of mult...

Re: failed at uploading .p12 certificate in keycha...

failed at uploading .p12 certificate in keychain a...

Re: How to set passwords for multiple users in Apa...