Hi, I am new with NiFi. I installed version 1.1.2 on a CentOS6 virtual machine for testing purposes. Installation went fine and I also secured it with certificates/keys etc via de toolkit. In the authorizers.xml I configured CN=admin as Initial Admin Identity. CN=admin was also used with the toolkit to generate the keys etc. I imported the certifacte in the browser and works fine. As testing purpose I want to assign roles to the admin. I can create a user but same as with the admin I don't know where to add which roles. In the admin guide on the apache nifi website they talk about connecting an ldap but I don't want that. I just want an admin and 1 or 2 users maybe in the application and assign roles. I see the described roles described in the admin guide but where and how do I configure that? The users.xml and authorizations.xml where nicely created. In the users.xml I have: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <tenants> <groups/> <users> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c" identity="cn=admin"/> </users> </tenants> But if I add roles under under user admin then nifi service won't start anymore. <role name="ROLE_ADMIN"/> <role name="ROLE_DFM"/> Hope anyone can help me out :). With kind regards, Bram ... View more

Hi, I have some issues after initial setup and securing NiFi. I have setup a CentOS6 (including java) machine with hostname nifi.domeinbram.nl. I downloaded NiFi and the tls toolkit and extracted them to /opt. I ran nifi.sh install and startedt the nifi service. After the initial setup of NiFi 1.1.2 I can access the UI on port 8080/nifi fine. I then used the tls-toolkit for securing NiFi: ./tls-toolkit.sh standalone -n 'nifi.domeinbram.nl' -C 'CN=admin' -o keys/ I then copied the new nifi.properties, keystore.jks and truststore.jks to /opt/nifi/conf/. I imported the CN=admin.p12 into my browser and pasted the password in the CN=admin.password file and was successfully imported. In the authorizers.xml I added CN=admin as Initial Admin Identity and CN=nifi.domeinbram.nl as Node Idenity 1. I then restarted the nifi service but I get an access denied message. --------------------------- authorizers.xml <authorizer> <identifier>file-provider</identifier> <class>org.apache.nifi.authorization.FileAuthorizer</class> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Users File">./conf/users.xml</property> <property name="Initial Admin Identity">CN=admin</property> <property name="Legacy Authorized Users File"></property> <!-- Provide the identity (typically a DN) of each node when clustered, see above description of Node Identity. <property name="Node Identity 1"></property>--> <property name="Node Identity 1">CN=nifi.domeinbram.nl</property> </authorizer> --------------------------- users.xml <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <tenants> <groups/> <users> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c" identity="cn=admin"/> </users> </tenants> --------------------------- authorizations.xml <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <authorizations> <policies> <policy identifier="fae5e3fa-eadf-3a72-bf76-d41db5fe3466" resource="/flow" action="R"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="18ca28ba-fda1-307d-9933-3f9ba9df87c8" resource="/restricted-components" action="W"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="d16181ab-64b4-373d-962f-37ec6dfea690" resource="/tenants" action="R"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="e1c46fdb-3a7a-3bbc-b5c3-a5105b95f45a" resource="/tenants" action="W"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="efd80e78-a828-3db0-af33-ee4f6016cdcb" resource="/policies" action="R"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="adb5c9f4-46e7-3805-b928-2c9baeebaa4e" resource="/policies" action="W"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="2bd33257-04ce-36ac-b4d8-265e4e3802af" resource="/controller" action="R"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> <policy identifier="168c06df-f12d-3c7f-94c6-ac5600837140" resource="/controller" action="W"> <user identifier="1a0ab441-da40-30dd-b28c-c4a4c710d03c"/> </policy> </policies> </authorizations> --------------------------- Hope someone can help me out... doing something wrong :). Kind regards, Bram ... View more