Hi @Wynner, When I set Volatile content repository properties: nifi.volatile.content.repository.max.size=1 GB nifi.volatile.content.repository.block.size=32 KB It shows me "Content Repository out of space " exception, when I process a 20M dataset. From the code comment, I found " If no Backup Repository has been specified, when the threshold is exceeded, an IOException will be thrown" https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/repository/VolatileContentRepository.java 1. How to setup the Backup Repository for volatile content repository? 2. Is my above setting for "nifi.volatile.content.repository.max.size" correct? It seems still using the default 100MB. Thanks. ... View more

Hi @Bryan Bende I have a new issue when I tried to login Initial Admin Identity by using username and password. In previous test, I successfully made the client cert login work. I have an principle "admin@NIFI.COM" in kerberos, and "admin@NIFI.COM" as Initial Admin in authorizers.xml When I login as "admin", the user log shows: 2017-09-28 14:27:06,112 INFO [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin@NIFI.COM 2017-09-28 14:32:13,193 ERROR [NiFi Web Server-19] o.a.nifi.web.security.jwt.JwtService There was an error validating the JWT io.jsonwebtoken.JwtException: Unable to validate the access token. Caused by: io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted. When the nifi cluster is up, I can login in as "admin". After logout, and login again, NiFi gives me above error. Is it caused by the browser cache the token? Thanks. ... View more

Hi @bkosaraju, Below command works to generate a token. $ curl -k 'https://<nifi-server>:9091/nifi-api/access/token'-H 'Accept-Encoding: gzip, deflate, br'-H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'-H 'Accept: */*'--data 'username=<username>&password=<password>'--compressed However, $ curl -k -X GET 'https://<nifi-server>:9091/nifi-api/cluster/summary' -H 'Authorization: Bearer $token' --compressed returns: Unable to validate the access token. Any idea about it? Do I need to run above commands in one nifi node, or any machine? Thanks. ... View more

hi @bkosaraju, Thank you for your response. I did enable the kerberos-provider section. I guess I need to install krb5-user on the machine I will run the above commends, right? I was just wondering whether I need to use keytool to import nifi-cert.pem in my machine? What's the usage of nifi-cert.pem generated by the tls-tool? Thanks. ... View more

Hi @Arti Wadhwani, Could we use username/password of the principle created in Kerberos to login? Since I don't have kinit in nifi node. Thanks. ... View more

Hi @Bryan Bende, I deleted my previous replies since it's misleading. Let me restate the current issue clearly. The reason I saw below error "Unknown user with identity 'alvin@NIFI.COM'. Contact the system administrator." is due to I login Initial Admin account to add user "CN=alvin, OU=NIFI.COM" in NiFi web. The correct way is to add 'alvin@NIFI.COM' and set its policy. After that my issue is gone. Thanks. ... View more

Hi @Bryan Bende, It seems the authentication works now. But I have issue with authorization. I used the file-based authorization approach. After I type username and password, it says "Unknown user with identity 'alvin@NIFI.COM'. Contact the system administrator." instead of prompting out "Justification" page. Any idea? Thanks. 2017-09-08 19:48:33,294 INFO [NiFi Web Server-29] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for alvin@NIFI.COM 2017-09-08 19:48:33,295 INFO [NiFi Web Server-29] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[alvin@NIFI.COM], groups[none] does not have permission to access the requested resource. Unknown user with identity 'alvin@NIFI.COM'. Returning Forbidden response. 2017-09-08 19:48:33,295 DEBUG [NiFi Web Server-29] o.a.n.w.a.c.AccessDeniedExceptionMapper org.apache.nifi.authorization.AccessDeniedException: Unknown user with identity 'alvin@NIFI.COM'. at org.apache.nifi.web.api.FlowResource.authorizeFlow(FlowResource.java:230) at org.apache.nifi.web.api.FlowResource.getCurrentUser(FlowResource.java:316) ... View more

Hi @Bryan Bende, Thank you for this tutorial. Very helpful. May I ask do we need to also set up below properties in a cluster mode? nifi.kerberos.service.principal nifi.kerberos.service.keytab.location Is kerberos.service and kerberos.spnego one or another? Or both must be set? Since I saw some examples set up kerberos.service rather than kerberos.spnego, e.g. https://community.hortonworks.com/articles/34147/nifi-security-user-authentication-with-kerberos.html Thanks. ... View more