Member since 05-16-2025 | 5 Posts | 0 Kudos Received | 0 Solutions
10-02-2025
08:35 AM
@MattWho Thanks a lot for your help! My mistake was that I specified the CN in the username, as I did earlier when setting up the nifi-registry user. Now I entered it without the CN, exactly as it is displayed in the user-log and as you said, and this solved the problem. Thanks again!
10-02-2025
06:54 AM
Hello! Following the advice from this post: https://community.cloudera.com/t5/Support-Questions/Accessing-NIFI-Metrics-endpoint-for-Prometheus-without/m-p/399710#M250535 I'm trying to set up certificate authentication/authorization from the Prometheus server to NiFi, but I'm getting 403 Forbidden.
In the NiFi user log I can see that authentication of the certificate CN is successful, then comes the 403 error:
Prometheus scrape config:
Can you please tell me what is wrong here?
Labels: Apache NiFi
05-19-2025
09:10 AM
@MattWho Thank you for the answer. Did I understand correctly that I need to add users to a group directly in the nifi-registry web interface if I use file-user-group-provider, and there is no other, non-manual way to do it?
05-16-2025
08:05 AM
Hello! I'm trying to set up NiFi Registry OIDC authentication with Windows ADFS as the OIDC provider, but have no luck. Using self-signed certificates for the SSL connection, I'm able to log in to the web interface with the initial admin and create some groups with different privileges, for example nifi-reg-admins with full rights. In Active Directory this group is also present, and the user nifi-admin-2@blackboks.ru is a member of this group.
In ADFS Management I have set up the template "Server application accessing a web API" with the issuance transform rule "Send Groupmembership as a Claim". Respectively, I chose nifi-reg-admins group as User group, Outgoing claim type - Group and Outgoing claim value - nifi-reg-admins.
I can log in with nifi-admin-2@blackboks.ru to the web interface, but there are no admin privileges at all, and in the logs I see this:
INFO [NiFi Registry Web Server-39] o.a.n.r.w.m.AccessDeniedExceptionMapper identity[nifi-admin-2@blackboks.ru], groups[] does not have permission to access the requested resource. Unable to view users/user groups. Returning Forbidden response.
It's like I don't have any groups, but I do.
Here are the OIDC sections in the property file:
nifi.registry.security.user.oidc.discovery.url=https://adfs.blackboks.ru/adfs/.well-known/openid-configuration
nifi.registry.security.user.oidc.connect.timeout=5 secs
nifi.registry.security.user.oidc.read.timeout=5 secs
nifi.registry.security.user.oidc.client.id=id
nifi.registry.security.user.oidc.client.secret=secret
nifi.registry.security.user.oidc.preferred.jwsalgorithm=RS256
nifi.registry.security.user.oidc.claim.groups=group
nifi.registry.security.user.oidc.claim.identifying.user=upn
nifi.registry.security.user.oidc.additional.scopes=openid,cn,email,group,role,roles,profile,offline_access
Please help me to accomplish this.
Labels: NiFi Registry
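
An added diagnostic example, not part of the original post and not NiFi Registry code: it checks whether the claim names set in `claim.groups` and `claim.identifying.user` actually appear in a token payload, which is the first thing to rule out when the log shows `groups[]` empty. It assumes the Registry reads identity and groups from token claims with exactly those names; the function names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, for inspection only.

```python
import base64
import json

# Claim-name properties copied from the post above.
PROPS = """\
nifi.registry.security.user.oidc.claim.groups=group
nifi.registry.security.user.oidc.claim.identifying.user=upn
"""
PREFIX = "nifi.registry.security.user.oidc.claim."

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def jwt_payload(token):
    """Decode a compact JWT's payload WITHOUT verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_claims(props, payload):
    """Resolve the configured claim names against the token payload."""
    user_claim = props[PREFIX + "identifying.user"]
    group_claim = props[PREFIX + "groups"]
    problems = []
    identity = payload.get(user_claim)
    if identity is None:
        problems.append(f"identity claim '{user_claim}' not in token")
    raw = payload.get(group_claim)
    if raw is None:
        near = [k for k in payload if group_claim.lower() in k.lower()]
        problems.append(f"groups claim '{group_claim}' not in token; similar: {near}")
    # A single group may arrive as a bare string rather than a list.
    groups = [] if raw is None else [raw] if isinstance(raw, str) else list(raw)
    return identity, groups, problems

def make_token(claims):
    """Build an unsigned sample token (constructed test data, not a real ADFS token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    props = parse_props(PROPS)
    for claims in ({"upn": "user@example.test", "groups": ["nifi-reg-admins"]},
                   {"upn": "user@example.test", "group": "nifi-reg-admins"}):
        print(check_claims(props, jwt_payload(make_token(claims))))
```

To use it on a real deployment, pass `jwt_payload` a token captured from your own login flow in place of the constructed ones and compare the reported claim names with the two properties.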