Member since
01-22-2020
29
Posts
0
Kudos Received
1
Solution
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| 6381 | 02-03-2020 08:08 PM |
11-03-2020
11:41 AM
2020-11-03 19:35:27,605 ERROR [NiFi Web Server-17] o.a.n.w.a.c.AdministrationExceptionMapper org.apache.nifi.admin.service.AdministrationException: Unable to validate the supplied credentials. Please contact the system administrator.. Returning Internal Server Error response. org.apache.nifi.admin.service.AdministrationException: Unable to validate the supplied credentials. Please contact the system administrator. at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:736) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191) at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103) at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268) at org.glassfish.jersey.internal.Errors.process(Errors.java:316) at org.glassfish.jersey.internal.Errors.process(Errors.java:298) at org.glassfish.jersey.internal.Errors.process(Errors.java:268) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416) at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at org.apache.nifi.web.filter.RequestLogger.doFilter(RequestLogger.java:66) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) at org.apache.nifi.web.security.headers.StrictTransportSecurityFilter.doFilter(StrictTransportSecurityFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.apache.nifi.web.security.headers.XSSProtectionFilter.doFilter(XSSProtectionFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:47) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.apache.nifi.web.security.headers.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:724) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:61) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:531) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:291) at org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:151) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680) at java.lang.Thread.run(Thread.java:748) Caused by: org.apache.nifi.authentication.exception.IdentityAccessException: Unable to validate the supplied credentials. Please contact the system administrator. at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:340) at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315) at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:728) ... 83 common frames omitted Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate. at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85) at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:310) ... 85 common frames omitted Caused by: org.springframework.ldap.UncategorizedLdapException: Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate. at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:153) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:142) at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802) at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316) at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127) at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95) at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:187) ... 87 common frames omitted Caused by: javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate. at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:447) at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:225) at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:136) ... 94 common frames omitted Caused by: java.security.cert.CertificateException: Illegal given domain name: at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:207) at sun.security.util.HostnameChecker.match(HostnameChecker.java:102) at sun.security.util.HostnameChecker.match(HostnameChecker.java:108) at com.sun.jndi.ldap.ext.StartTlsResponseImpl.verify(StartTlsResponseImpl.java:426) ... 96 common frames omitted Caused by: java.lang.IllegalArgumentException: Server name value of host_name cannot be empty at javax.net.ssl.SNIHostName.checkHostName(SNIHostName.java:314) at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:108) at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:205) ... 99 common frames omitted @TimothySpann @MattWho please advice im able to login using the initial admin identity user cert. whereas users from AD getting this error.
... View more
Labels:
- Labels:
-
Apache NiFi
10-22-2020
11:18 AM
Thanks, Tim, my whole Idea is, developers should be able to replay the message from the provenance for at least 5 days as per the requirements I'm assuming the only solution is BUMP up the provenance storage to achieve replay capability. please let me know your thoughts!.
... View more
10-22-2020
10:56 AM
Hi Tim, Are you recommending to role nifi provenance? could you provide more pointers?
... View more
10-22-2020
09:32 AM
@TimothySpann thanks for the update. restarted the cluster 2 weeks back after making changes. but still, the Provenance repo is piling up. surprised to see that huge disc being filled by provenance
... View more
10-22-2020
09:14 AM
HDF 3.4.1 NIFI 1.9 - NIFI Provenance Repository filling disc 500GB I have a requirement to retain provenance for 5 days and made necessary changes - provenance retaining hardly - 2 days and less content_repo - 500GB utilization 10% Provenence_repo - 500GB Utilization 98% flowfile_repo - 500GB utilization 10% below are the configs @MattWho @TimothySpann Please advice
... View more
Labels:
- Labels:
-
Apache NiFi
08-04-2020
09:41 PM
@sunile_manjee i have generated certs for bothe cluster nifi, nifi registrty using below commands do i need to add jks from cluster A nifi to cluster B registry sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B myTokenTouse -C 'CN=nifiadmin, OU=NIFI' -n 'nifi-pb-amb-01.its-streaming,nifi-pb-nifi-01.its-streaming,nifi-pb-nifi-02.its-streaming,nifi-pb-nifi-03.its-streaming,nifi-pb-nreg-01.its-streaming' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /data/nifi_certs/ -K myTokenTouse -P myTokenTouse -S myTokenTouse
... View more
08-04-2020
02:44 PM
Thanks @sunile_manjee cluster A NIfi & Registry are managed by Ranger, working well. hence I added cluster B nifi node cert to cluster A Ranger user and then added to Registry policy. clusterB nifi user logs: 2020-08-04 21:40:37,824 INFO [NiFi Web Server-333] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for divya 2020-08-04 21:40:37,833 INFO [NiFi Web Server-333] o.a.n.w.a.config.NiFiCoreExceptionMapper org.apache.nifi.web.NiFiCoreException: Unable to obtain listing of buckets: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors. Returning Conflict response. NIFI GUI exception: any advice
... View more
08-04-2020
09:52 AM
Hello all, I have HDF 3.4 cluster A with nifi and nifi registry integrated, cluster B with NIFI. both are tls/ssl secured. now I'm trying to use the cluster A NIFI registry for NIFI running on cluster B. noticing below error when trying to version a flow from cluster B NIFI integrated with cluster A registry I have added cluster B nifi node cert to registry users list but still same error CN=its-nifi-node-dev-nifipoc1-01, OU=NIFI @alim @MattWho @sunile_manjee please advice
... View more
Labels:
- Labels:
-
Apache NiFi
-
NiFi Registry
02-19-2020
06:08 PM
@StevenOD even I am unable to download CFM , so this is no more opensource? seems lots of information is lagging on the HDF part too. Appreciate if you can provide any references about HDF and its future state Access Restricted You must be a CFM customer to access these downloads. If you believe you should have this entitlement then please reach out to support or your customer service representative.
... View more
02-19-2020
05:54 PM
is HDF opensource flatform still available as this includes Ranger whereas CDF doesn't have Ranger? is CDP opensource platform available on the cloud
... View more
