10-23-2024
11:53 AM
1 Kudo
@vg27 I have submitted your information to the team, they will be contacting you with the following steps, thanks!
10-21-2024
06:18 AM
@vg27

1. So I understand that you have created client certificates for your user. What authority was used to sign these user certificates? Was this authority added to the NiFi configured truststore? When you open a browser to NiFi's URL, NiFi will respond with a WANT for a clientAuth certificate along with a list of trusted authorities from its truststore. If your certificate loaded in your browser is not signed by one of those authorities, it will not be presented to NiFi. If no clientAuth certificate is presented, NiFi will move on to another configured method of user authentication. The fact that you are seeing the NiFi login UI tells me the TLS exchange did not result in a clientAuth certificate being presented by your browser. With certificate based mutual Auth there is no login required.

3. "nifi.security.user.login.identity.provider=singleUser" is not a valid configuration. I assume you meant "nifi.security.user.login.identity.provider=single-user-provider". With "Single-user-provider" configured, the only username and password accepted would be for the single user credentials NiFi auto-generated and output to the logs the first time NiFi was started with that provider configured. If you have no intention of using the single-user-provider, just leave "nifi.security.user.login.identity.provider=" unset.

4. You don't need to worry about sticky sessions if you are only using certificate based authentication, since your client certificate would be passed in every request and there are no tokens involved like in login based providers. If you did decide to use a login-provider like LDAP or Kerberos later, sticky sessions would need to be set up first or you may never be able to access the UI. Once you enter the username and password, the next request is to access the UI using that token, and if the load balancer were to redirect that to a different node, the UI would not load but instead throw an exception about the unknown user.

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to log in and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
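The check described in point 1 of the reply above, as an added example that is not part of the original post: it tests whether a user certificate chains to a CA in the server's trust list. It assumes the truststore's CA certificates are available as a PEM bundle; the CA names, the users `alice` and `bob`, and all file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Every CA, key and certificate here is a throwaway generated locally.
set -eu

make_ca() {          # make_ca <name> <dir>: self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

make_client() {      # make_client <cn> <signing-ca-name> <dir>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$3/$1.key" -out "$3/$1.csr" 2>/dev/null
  openssl x509 -req -in "$3/$1.csr" -CA "$3/$2.pem" -CAkey "$3/$2.key" \
    -CAcreateserial -days 1 -out "$3/$1.pem" 2>/dev/null
}

chains_to() {        # chains_to <client.pem> <truststore-cas.pem>: exit 0 if it verifies
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

check_user_cert() {  # prints TRUSTED or UNTRUSTED plus the certificate's issuer
  issuer=$(openssl x509 -in "$1" -noout -issuer)
  if chains_to "$1" "$2"; then
    echo "TRUSTED $issuer"
  else
    echo "UNTRUSTED $issuer"
  fi
}

run_demo() {
  d=$(mktemp -d)
  make_ca trusted-ca "$d"            # stands in for a CA present in the truststore
  make_ca other-ca "$d"              # a CA that was never added to the truststore
  make_client alice trusted-ca "$d"
  make_client bob other-ca "$d"
  cp "$d/trusted-ca.pem" "$d/truststore-cas.pem"   # constructed PEM export of the truststore
  check_user_cert "$d/alice.pem" "$d/truststore-cas.pem"
  check_user_cert "$d/bob.pem" "$d/truststore-cas.pem"
  rm -rf "$d"
}

run_demo
```

Against a running server, `openssl s_client -connect <nifi-host>:<port>` prints the "Acceptable client certificate CA names" the server advertises, which can be compared with the issuer line reported here.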
10-14-2024
02:54 PM
1 Kudo
@vg27 Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.