hi @MattWho  Thanks for the reply. this is the exact information I wanted. ... View more

thanks a lot! ... View more

Hi Matt, thanks a lot for the explanation. I changed the path from truststore.jks to $JAVA_HOME\lib\security\cacerts on the StandardRestrictedSSLContextService settings , and worked fine !!!  ... View more

Thanks for the reply @MattWho  Firstly with the below configurations changes in authorizers.xml, I was able to store the users and their related authorization policies in database and I was able to successfully store the users and their permissions in postgresSQL database from registry <userGroupProvider> <identifier>database-user-group-provider</identifier> <class>org.apache.nifi.registry.security.authorization.database.DatabaseUserGroupProvider</class> <property name="Initial User Identity 1">DEV-ADMIN</property> </userGroupProvider> ------------------------------ <accessPolicyProvider> <identifier>database-access-policy-provider</identifier> <class>org.apache.nifi.registry.security.authorization.database.DatabaseAccessPolicyProvider</class> <property name="User Group Provider">database-user-group-provider</property> <property name="Initial Admin Identity">DEV-ADMIN</property> <property name="NiFi Identity 1"></property> <property name="NiFi Group Name"></property> </accessPolicyProvider> -------------------------------------- <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">database-access-policy-provider</property> </authorizer>   Everything is working perfect. the only need here is to get the existing users.xml and authorizations.xml data migrated to Postgres DB and we can get rid of these files. Please help ... View more

Thank you sir. I was able to generate more users/client certificates by specifying multiple "-C CN=user1, OU=nifi" in addition to the initial command i have. ... View more

@sayak17  so this looks doable as I described above.  Not sure what program you are using in your screenshots as it does not show the full rest-api call structure. But your process would be as as follows: 1. Get bearer token 2. Extract bearer token from response body and place in FlowFile attribute 3. Format flowfile attribute as needed for use by the rest of the api-calls 4. Using bearer token make get request to the ../sites rest-api endpoint 5. Use ExtractText to extract the site id to a new FlowFile Attribute 6. Use bearer token again and use NiFi Expression Language to dynamically create the rest-api url to include the site id. 7. From response, extract the Drive id to another new FlowFile Attribute as above. 8. Use bearer token again and use NiFi Expression Language to dynamically create the rest-api url to include the drive id. 9 finally do whatever you need to do with the response json you get from that final rest-api call. Matt ... View more

@Meeran  Sharing the full exception that was output when you tried to import key maybe helpful, But I am also not sure why you are trying to add a Client private key to your AWS load-balancer? I am not well versed on AWS load balancer configuration, so helping you get past your LB setup/configuration issue may be difficult for me.  I do know TLS very well and explained the meaning of the two TLS exceptions you encountered.    The HTTPS LB exception could be resolved by making sure the TrustedCertEntry(s) for the complete trust chain for the HTTPS LB's privateKey are present in the NiFi-Registry's truststore.jks.  You should also add the trustedcertEntry for the NiFi CA you appeared to be using to the truststore used by your HTTPS LB. Thank you, Matt ... View more

@Drozu, Have any of the replies helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.   ... View more

Hello Matt, Thank you ! this solved the error (now I'm facing another one, but will figure it out 🙂 ). For further reference I had to configure those 3 lines in nifi.properties : nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?) nifi.security.identity.mapping.transform.dn=NONE nifi.security.identity.mapping.value.dn=$1@$2   Thanks. Vince. ... View more