Member since 05-25-2018 | 3 Posts | 1 Kudos Received | 0 Solutions
06-14-2018 09:35 AM (1 Kudo)
Thank you very much for your help, but it doesn't work for me 😕 I have checked the DN of my keystore.p12 with this command:

    keytool -list -keystore keystore.p12 -storepass {mypass} -storetype PKCS12 -v

    ...
    Creation date: Jun 14, 2018
    Entry type: PrivateKeyEntry
    Certificate chain length: 2
    Certificate[1]:
    Owner: CN=*.mydomain.org
    Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
    ...

and added a new NiFi user "CN=*.mydomain.org". If I check nifi-user.log after the mentioned error, it looks like this (it's looking for my LDAP account "max.musti"):

    ...
    2018-06-14 09:03:39,320 INFO [NiFi Web Server-22802] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for max.musti
    2018-06-14 09:03:39,435 INFO [NiFi Web Server-22823] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for () GET https://nifi.mydomain.org/nifi-api/flow/registries/ac177c35-0163-1000-5bd9-f957d9a80534/buckets (source ip: 192.168.32.1)
    2018-06-14 09:03:39,436 INFO [NiFi Web Server-22823] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for max.musti
    2018-06-14 09:03:39,522 INFO [NiFi Web Server-22823] o.a.n.w.a.config.NiFiCoreExceptionMapper org.apache.nifi.web.NiFiCoreException: Unable to obtain listing of buckets: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving all buckets: An Authentication object was not found in the SecurityContext Contact the system administrator.
    . Returning Conflict response.

Maybe there is something wrong with the nginx settings (proxy?), docker configs or LDAP. I have tried a lot of different configurations, but currently without success. I would be very thankful for further suggestions.
05-29-2018 01:44 PM
@Umair Khan Thank you for the answer! Can you give a concrete example, please? Do I need to create a new user (or group?) with the DN as login, like "CN=*.mydomain.org" (I have a wildcard certificate) in NiFi/NiFi Registry and set policies ("proxy user requests"), right?
05-28-2018 09:21 AM
Hello, I would like to use NiFi and NiFi Registry in a secured context (with LDAP auth) on my server. User login with credentials works, but I receive the following error when I attempt to get buckets from NiFi Registry:

"Unable to obtain listing of buckets: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving all buckets: An Authentication object was not found in the SecurityContext Contact the system administrator."

My set-up:

* docker-compose with nifi and nifi-registry:

    version: '3'
    services:
      nifi:
        image: apache/nifi:latest
        ports:
          - "8443:8443"
        volumes:
          - /srv/nifi/certs:/opt/certs
        environment:
          AUTH: ldap
          KEYSTORE_PATH: /opt/certs/keystore.p12
          KEYSTORE_TYPE: PKCS12
          KEYSTORE_PASSWORD: changed
          TRUSTSTORE_PATH: /opt/certs/truststore.jks
          TRUSTSTORE_PASSWORD: changed
          TRUSTSTORE_TYPE: JKS
          INITIAL_ADMIN_IDENTITY: 'foo.bar'
          LDAP_AUTHENTICATION_STRATEGY: 'SIMPLE'
          LDAP_MANAGER_DN: 'cn=admin,dc=mydomain,dc=com'
          LDAP_MANAGER_PASSWORD: 'changed'
          LDAP_USER_SEARCH_BASE: 'ou=people,dc=mydomain,dc=com'
          LDAP_USER_SEARCH_FILTER: 'uid={0}'
          LDAP_IDENTITY_STRATEGY: 'USE_USERNAME'
          LDAP_URL: 'ldap://my-ip:389'
        networks:
          - nifi
      nifi-registry:
        image: apache/nifi-registry:latest
        ports:
          - "18443:18443"
        volumes:
          - /srv/nifi/certs:/opt/certs
        environment:
          AUTH: ldap
          KEYSTORE_PATH: /opt/certs/keystore.p12
          KEYSTORE_TYPE: PKCS12
          KEYSTORE_PASSWORD: changed
          TRUSTSTORE_PATH: /opt/certs/truststore.jks
          TRUSTSTORE_PASSWORD: changed
          TRUSTSTORE_TYPE: JKS
          INITIAL_ADMIN_IDENTITY: 'foo.bar'
          LDAP_AUTHENTICATION_STRATEGY: 'SIMPLE'
          LDAP_MANAGER_DN: 'cn=admin,dc=mydomain,dc=com'
          LDAP_MANAGER_PASSWORD: 'changed'
          LDAP_USER_SEARCH_BASE: 'ou=people,dc=mydomain,dc=com'
          LDAP_USER_SEARCH_FILTER: 'uid={0}'
          LDAP_IDENTITY_STRATEGY: 'USE_USERNAME'
          LDAP_URL: 'ldap://my-ip:389'
        networks:
          - nifi
    networks:
      nifi:
        driver: bridge

* LDAP server using SIMPLE authentication

* nginx on one server with two subdomains:

NiFi subdomain:

    server
    {
        listen 443 ssl;
        server_name nifi.mydomain.com;
        access_log /var/log/nginx/nifi.mydomain.com_access.log;
        error_log /var/log/nginx/nifi.mydomain.com_error.log;
        ssl_certificate /srv/certs/fullchain.pem;
        ssl_certificate_key /srv/certs/privkey.pem;
        location ^~ /.well-known/acme-challenge/ { allow all; root /var/www; }
        location /
        {
            proxy_pass https://localhost:8443/;
        }
    }

NiFi Registry:

    server
    {
        listen 443 ssl;
        server_name registry.mydomain.com;
        access_log /var/log/nginx/registry.mydomain.com_access.log;
        error_log /var/log/nginx/registry.mydomain.com_error.log;
        ssl_certificate /srv/certs/fullchain.pem;
        ssl_certificate_key /srv/certs/privkey.pem;
        location ^~ /.well-known/acme-challenge/ { allow all; root /var/www; }
        location /
        {
            proxy_pass https://localhost:18443/;
        }
    }

Is there any config that I have missed? Thanks!
Labels: Apache NiFi