I have been some issues to configuring Apache Nifi using an existing certificate. My use case is:   I'm generating the truststore and the keystore from an existing tls.pem and tls.key that my ingress is using, from this I set the referent configurations of TLS and OpenId (I have created a custom image based on the official Nifi's image).   Everything its working, although when I try to access the UI and the redirects to the openId occurs the Nifi throw an exception, these are the last logs shown in the nifi-user.log:   2021-07-22 09:58:05,814 INFO [NiFi Web Server-25] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=MY-HOST) GET https://MY-HOST/nifi-api/flow/current-u ser (source ip: xx.xxx.xxx.xxx) 2021-07-22 09:58:05,815 INFO [NiFi Web Server-25] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=MY-HOST 2021-07-22 09:58:05,818 INFO [NiFi Web Server-25] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[CN=MY-HOST], groups[] does not have permission to access the requested resource. Unknown user with id entity 'CN=MY-HOST'. Returning Forbidden response.   Although according the documentation to this documentation: NiFi’s web server will REQUIRE certificate based client authentication for users accessing the User Interface when not configured with an alternative authentication mechanism which would require one way SSL (for instance LDAP, OpenId Connect, etc). Enabling an alternative authentication mechanism will configure the web server to WANT certificate base client authentication. This will allow it to support users with certificates and those without that may be logging in with credentials. See User Authentication for more details.   This should not happens, someone have just passed for this before? What am I missing? ... View more