Cloudera Community
shamika
user rank
Explorer

Re: Faceing Cluster connection issue with nifi ui

by Master Collaborator Master Collaborator in Support Questions
‎06-18-2024 01:10 AM
2 Kudos
‎06-18-2024 01:10 AM
2 Kudos
This warning indicates that there might be an issue with the PKIX validation, which is related to the SSL certificates. PKIX validation is used to verify the trustworthiness of SSL certificates during the SSL handshake process. If the validation fails, it means that the SSL certificate cannot be trusted, potentially leading to connection issues. To resolve this issue, you can try the following steps: 1. Check the SSL certificate configuration: Verify that the SSL certificates are correctly configured in the Nifi cluster. Ensure that the certificates are valid and trusted. 2. Check the keystore and truststore: Ensure that the Keystore and Truststore files are properly configured and contain the necessary certificates. Make sure that they have not expired or been revoked. 3. Verify the server's hostname: Ensure that the server hostname in the SSL certificate matches the actual hostname of the Nifi cluster. If they do not match, it can cause PKIX validation failures. 4. Check the time synchronization: Ensure that the system time on all the machines in the Nifi cluster is synchronized. A time difference between machines can lead to certificate validation issues. 5. Update the Java truststore: If the SSL certificate is self-signed or issued by an intermediate CA, it might not be recognized by Java by default. You may need to import the certificate into the Java truststore using the keytool utility. 6. Restart Nifi and validate the cluster status: After making any changes or adjustments, restart Nifi and monitor the cluster status. Check if the disconnectivity issue is resolved.  ... View more

Re: Kerberos authentication error in solr ui

by Master Collaborator Master Collaborator in Support Questions
‎09-05-2023 01:38 AM
‎09-05-2023 01:38 AM
@Shiseems like you have enabled Spnego authentication for Solr web UI. To access the page, you need to have a Kerberos ticket on your machine from which you access the page. Do Kinit and then try to access the page ... View more

Re: Authentication scheme not supported in solr ui

by Master Collaborator Master Collaborator in Support Questions
‎09-05-2023 01:32 AM
‎09-05-2023 01:32 AM
@ShiIt seems like you don't have a valid Kerberos ticket. Make sure you have a Kerberos ticket on the host where you're accessing the page. ... View more

Re: No applicable policy found error while login t...

by Master Mentor Master Mentor in Support Questions
‎07-14-2023 02:27 PM
‎07-14-2023 02:27 PM
@shamika  NiFi based authorization is case sensitive. 2023-07-12 10:46:40,800 INFO [NiFi Web Server-19] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[myuser], groups[bigG, bigdGer] does not have permission to access the requested resource. No applicable policies could be found. Returning Forbidden response the nifi-user.log is telling you that your successfully authenticated user "myuser" is known by NiFi to belong to groups "bigG" and "bigdGer".  In Ranger you'll need to make sure that yoru user "myuser" or one of these groups "bigG" and/or "bigdGer" has been authorized for "READ" on the "/flow" NiFi resource Identifier.  If Ranger has the group as "bigg" or "BIGG", "bigDGER", etc it will not work because NiFi is case sensitive. You could also share your authorizers.xml if you'd like use to verify your configuration there. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more
Contact Me
Online
Offline
Last Visited
‎08-09-2023 09:11 AM
Community Statistics
Member Since ‎11-22-2021 03:26 AM
Last Visited ‎08-09-2023 09:11 AM
Posts 8