Hi @haridjh I tried to delete the VC using `cdp de delete-vc --vc-id...  --cluster-id...` and got an error result of auth failed: (Status Code: 403; Error Code: PERMISSION_DENIED; Service: de; Operation: deleteVc; Request ID: 94ac6721-5242-43d2-963b-c5b907ca030c;)   ... View more

Hello @MattWho thanks for the information.  I'm already running the process only on the Primary node.  I will monitor and take a thread dump if it occurs again.  ... View more

I regenterate the keystore with the common server name.  Nifi UI works but I thought I can find the username/password in the nifi-bootstrap.log  I found the username and password encrypted in login-identity-providers.xml how can I decrypt them, or should I generate a new username/password and how? thank you. BN           ... View more

Hello @TyTheNiFiGuy,  Thanks for being part of our community.  I was checking that NiFi Registry does not have support for asymmetric RSA such as RS256.  That is a limitation itself, and not a problem in your token.  The log do tell this:  2026-01-02 18:22:27,220 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut Caused by: java.lang.IllegalArgumentException: The default resolveSigningKey(JwsHeader, Claims) implementation cannot be used for asymmetric key algorithms (RSA, Elliptic Curve).  Override the resolveSigningKey(JwsHeader, Claims) method instead and return a Key instance appropriate for the RS256 algorithm.  Checking the code, I see that only HS256 is supported:  private static final MacAlgorithm SIGNATURE_ALGORITHM = Jwts.SIG.HS256; https://github.com/apache/nifi/blob/9998b6d9ce21a66db240ff6131fc882002285e8b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/jwt/JwtService.java#L53C1-L54C1  ... View more

Hello @vafs  Sorry for the late reply. Thanks, the tip helped. I also had to replace the self-signed certificate from nifi. Then I was able to access it. 🙂 bg mirko ... View more

"how this relates to Cloudera?": there was some lawsuit regarding usage of the code in Intel's ISA-L repository, but I don't know if the patents you mentioned were involved. Intel faced a similar lawsuit, but that was dismissed in 2022 due to an NDA.  I don't know if the Intel lawsuit had any effect on the Cloudera lawsuit. As for PSHUFB patents, most of them are a series of patents filed by William W. Macy, Jr. and others at Intel: https://patents.justia.com/inventor/william-w-macy-jr?page=3 Several of those patents were filed in 2003, but granted in 2010, and 2010 was the first year that Intel included PSHUFB in a processor. Did those patents require an actual hardware implementation before they could be granted? Looking at the patents you linked to, aren't some of those claims essentially duplicates of Intel's patent claims? The point of Intel's ISA-L (Intelligent Storage Acceleration) is to take advantage of instructions that that speed up stuff like CRC (X86 - pclmulqdq) or erasure or error correcting code (X86 - pshufb, vgf2p8affineqb, ...). The most recent activity has been for RISC-V. I worked with LTO tape drives that implemented hardware error correction code on a matrix with a lot of parallel operations, while software was used during development. Some of the software and hardware developers in the tape drive community were doing this stuff back in the mid 1980's. ... View more

@MattWho Apologies for the delay here. I could finally try using certificates with the EKU Extensions and I do not see a similar authentication issue anymore.  Thank you for the kind assistance!  ... View more

@fy-test  Apache NiFi  is only going to be able to address CVEs found in the NiFi-Registry package lib directory files included with the distribution.  Any OS/System-level CVEs would need to be addressed by the owner of the platform on which the NIFi-Registry services is being used. You can find the Apache NiFi Security Reporting here: https://nifi.apache.org/documentation/security/ You'll find CVEs already addressed in NiFi and NiFi-Registry on the above page.  You'll also see how to report any new security vulnerabilities you may discover.   Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

Thanks for responding with a resolution that worked for you, @Pedro_E. I'll mark your response as a solution.  ... View more