@MattWho @gtorres @SAMSAL  I am sharing my user logs.  2022-06-15 04:18:06,090 DEBUG [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,090 DEBUG [NiFi Web Server-18] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-06-15 04:18:06,091 DEBUG [NiFi Web Server-18] o.a.n.w.s.j.k.StandardVerificationKeySelector Key Identifier [ec9c28d4-7330-48da-bdf5-dd398cd5b76f] Verification Keys Found [1] 2022-06-15 04:18:06,093 DEBUG [NiFi Web Server-143] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,093 DEBUG [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,093 DEBUG [NiFi Web Server-143] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-06-15 04:18:06,093 DEBUG [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,093 DEBUG [NiFi Web Server-143] o.a.n.w.s.j.k.StandardVerificationKeySelector Key Identifier [ec9c28d4-7330-48da-bdf5-dd398cd5b76f] Verification Keys Found [1] 2022-06-15 04:18:06,094 DEBUG [NiFi Web Server-143] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,094 DEBUG [NiFi Web Server-143] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-128] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***> 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-128] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:18:06,108 INFO [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=******.***>] GET https://********.***.**.***:8086/nifi-api/flow/status 2022-06-15 04:18:06,108 INFO [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [********@Company.***] 10.204.230.155 GET https://********.***.**.***:8086/nifi-api/flow/status 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-136] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***> 2022-06-15 04:18:06,108 DEBUG [NiFi Web Server-136] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:18:06,108 INFO [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=******.***>] GET https://********.***.**.***:8086/nifi-api/flow/process-groups/653f47d8-0181-1000-1d99-58b6a323962a 2022-06-15 04:18:06,109 INFO [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [********@Company.***] 10.204.230.155 GET https://********.***.**.***:8086/nifi-api/flow/process-groups/653f47d8-0181-1000-1d99-58b6a323962a 2022-06-15 04:18:06,109 DEBUG [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,109 DEBUG [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,359 DEBUG [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,359 DEBUG [NiFi Web Server-136] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-06-15 04:18:06,359 DEBUG [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,360 DEBUG [NiFi Web Server-128] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-06-15 04:18:06,360 DEBUG [NiFi Web Server-136] o.a.n.w.s.j.k.StandardVerificationKeySelector Key Identifier [ec9c28d4-7330-48da-bdf5-dd398cd5b76f] Verification Keys Found [1] 2022-06-15 04:18:06,360 DEBUG [NiFi Web Server-128] o.a.n.w.s.j.k.StandardVerificationKeySelector Key Identifier [ec9c28d4-7330-48da-bdf5-dd398cd5b76f] Verification Keys Found [1] 2022-06-15 04:18:06,361 DEBUG [NiFi Web Server-143] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,361 DEBUG [NiFi Web Server-143] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-06-15 04:18:06,362 DEBUG [NiFi Web Server-143] o.a.n.w.s.j.k.StandardVerificationKeySelector Key Identifier [ec9c28d4-7330-48da-bdf5-dd398cd5b76f] Verification Keys Found [1] 2022-06-15 04:18:06,362 DEBUG [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,362 DEBUG [NiFi Web Server-136] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,362 DEBUG [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,362 DEBUG [NiFi Web Server-128] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,363 DEBUG [NiFi Web Server-143] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,363 DEBUG [NiFi Web Server-143] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,373 DEBUG [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,373 DEBUG [NiFi Web Server-20] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***> 2022-06-15 04:18:06,373 DEBUG [NiFi Web Server-20] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:18:06,373 INFO [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=******.***>] GET https://********.***.**.***:8086/nifi-api/flow/current-user 2022-06-15 04:18:06,373 INFO [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [********@Company.***] 10.204.230.155 GET https://********.***.**.***:8086/nifi-api/flow/current-user 2022-06-15 04:18:06,373 DEBUG [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,373 DEBUG [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,378 DEBUG [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:18:06,378 DEBUG [NiFi Web Server-20] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***> 2022-06-15 04:18:06,378 DEBUG [NiFi Web Server-20] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:18:06,378 INFO [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<********@Company.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=********.***.**.***><C=US, ST=California, O=Company ***, OU=********.***.**.***, CN=******.***>] GET https://********.***.**.***:8086/nifi-api/flow/controller/bulletins 2022-06-15 04:18:06,378 INFO [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [********@Company.***] 10.204.230.155 GET https://********.***.**.***:8086/nifi-api/flow/controller/bulletins 2022-06-15 04:18:06,379 DEBUG [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:18:06,379 DEBUG [NiFi Web Server-20] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [********@Company.***] 2022-06-15 04:16:23,463 DEBUG [NiFi Web Server-120] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:16:23,463 INFO [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<xxxxxxxxx@company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=zzzzzzzzzz.company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=yyyyyyyy.company.com>] GET https://xxxxxxxxx.company.com:8086/nifi-api/policies/write/process-groups/653f47d8-0181-1000-1d99-58b6a323962a 2022-06-15 04:16:23,464 INFO [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [xxxxxxxxx@company.com] 10.204.230.155 GET https://xxxxxxxxx.company.com:8086/nifi-api/policies/write/process-groups/653f47d8-0181-1000-1d99-58b6a323962a 2022-06-15 04:16:23,464 DEBUG [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:16:23,464 DEBUG [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:16:27,281 DEBUG [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:16:27,281 DEBUG [NiFi Web Server-21] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <xxxxxxxxx@company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=zzzzzzzzzz.company.com> 2022-06-15 04:16:27,281 DEBUG [NiFi Web Server-21] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:16:27,281 INFO [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<xxxxxxxxx@company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=zzzzzzzzzz.company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=yyyyyyyy.company.com>] GET https://xxxxxxxxx.company.com:8086/nifi-api/policies/write/operation/process-groups/653f47d8-0181-1000-1d99-58b6a323962a 2022-06-15 04:16:27,282 INFO [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [xxxxxxxxx@company.com] 10.204.230.155 GET https://xxxxxxxxx.company.com:8086/nifi-api/policies/write/operation/process-groups/653f47d8-0181-1000-1d99-58b6a323962a 2022-06-15 04:16:27,282 DEBUG [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:16:27,282 DEBUG [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:16:27,302 INFO [NiFi Web Server-21] o.a.n.w.a.c.ResourceNotFoundExceptionMapper org.apache.nifi.web.ResourceNotFoundException: Unable to find access policy for write on /operation/process-groups/653f47d8-0181-1000-1d99-58b6a323962a. Returning Not Found response. 2022-06-15 04:16:27,309 DEBUG [NiFi Web Server-21] o.a.n.w.a.c.ResourceNotFoundExceptionMapper org.apache.nifi.web.ResourceNotFoundException: Unable to find access policy for write on /operation/process-groups/653f47d8-0181-1000-1d99-58b6a323962a at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO.getAccessPolicy(StandardPolicyBasedAuthorizerDAO.java:201) at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO$$FastClassBySpringCGLIB$$ea190383.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698) at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO$$EnhancerBySpringCGLIB$$be10ced9.getAccessPolicy(<generated>) at org.apache.nifi.web.StandardNiFiServiceFacade.getAccessPolicy(StandardNiFiServiceFacade.java:4089) at org.apache.nifi.web.StandardNiFiServiceFacade$$FastClassBySpringCGLIB$$358780e0.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) at org.apache.nifi.web.NiFiServiceFacadeLock.proceedWithReadLock(NiFiServiceFacadeLock.java:161) at org.apache.nifi.web.NiFiServiceFacadeLock.getLock(NiFiServiceFacadeLock.java:120) at jdk.internal.reflect.GeneratedMethodAccessor136.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698) at org.apache.nifi.web.StandardNiFiServiceFacade$$EnhancerBySpringCGLIB$$26e6223b.getAccessPolicy(<generated>) at org.apache.nifi.web.api.AccessPolicyResource.getAccessPolicyForResource(AccessPolicyResource.java:162) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167) at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:244) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394) at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205) at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1459) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1631) at org.apache.nifi.web.filter.RequestLogger.doFilter(RequestLogger.java:66) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:58) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:58) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:121) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:94) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:56) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:487) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:336) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:301) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.StrictTransportSecurityFilter.doFilter(StrictTransportSecurityFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.XContentTypeOptionsFilter.doFilter(XContentTypeOptionsFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.XSSProtectionFilter.doFilter(XSSProtectionFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:47) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:763) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:516) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:400) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:645) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:392) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410) at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) at java.base/java.lang.Thread.run(Thread.java:829) 2022-06-15 04:16:31,701 DEBUG [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null] 2022-06-15 04:16:31,701 DEBUG [NiFi Web Server-120] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <xxxxxxxxx@company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=zzzzzzzzzz.company.com> 2022-06-15 04:16:31,701 DEBUG [NiFi Web Server-120] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-06-15 04:16:31,701 INFO [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 10.204.230.155 [<xxxxxxxxx@company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=zzzzzzzzzz.company.com><C=US, ST=California, O=Company, OU=xxxxxxxxx, CN=yyyyyyyy.company.com>] POST https://xxxxxxxxx.company.com:8086/nifi-api/policies 2022-06-15 04:16:31,701 INFO [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [xxxxxxxxx@company.com] 10.204.230.155 POST https://xxxxxxxxx.company.com:8086/nifi-api/policies   user.logs   Here we have observed that whenever NIFI tries to get status or fetch the current user, we get below mentioned logs, weherNiFiAuthenticationFilter Authenticating sometimes gets the user and sometimes log with null: 10.204.230.155 GET https://xxxxxxxxx.company.com:8086/nifi-api/flow/status 2022-06-15 04:14:57,583 DEBUG [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:14:57,583 DEBUG [NiFi Web Server-25] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:14:57,583 DEBUG [NiFi Web Server-21] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:14:57,583 DEBUG [NiFi Web Server-25] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [xxxxxxxxx@company.com] 2022-06-15 04:14:57,818 DEBUG [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null]   ... View more

@MattWho  1. Have you tried using a different web browser like Firefox? I am unable to log in via Mozilla, my SAML service is not working for callbacks to NIFI. However, used Safari and Chrome. 2. Have you tried opening your browser's Developer tools and inspecting the actual rest-api call that was made when you attempt the various actions that fail from with the NiFi UI? Yes, I did it. I am sharing details for few of the actions: Request URL: https://xxxxxxxx/nifi-api/policies/43dfca36-0181-1000-ffff-ffff90447006 Request Method: PUT Status Code: 403 Payload: {"revision":{"clientId":"4806d375-0181-1000-e24c-c2e2244d8578","version":0},"disconnectedNodeAcknowledged":false,"component":{"id":"43dfca36-0181-1000-ffff-ffff90447006","users":[{"revision":{"version":0},"id":"5c72646f-a9cb-3239-9450-2511231b004e","permissions":{"canRead":true,"canWrite":true},"component":{"id":"5c72646f-a9cb-3239-9450-2511231b004e","identity":"xxxx@xxx.com","configurable":true}}],"userGroups":[]}}   Request URL: https://xxxxxxxxx/nifi-api/flow/process-groups/439aeba6-0181-1000-fabf-28c9c87d5ce8/controller-services Request Method: PUT Status Code: 403 Payload: {"id":"439aeba6-0181-1000-fabf-28c9c87d5ce8","state":"ENABLED","disconnectedNodeAcknowledged":false}   https://xxxxxxx/nifi-api/access/logout Request Method: DELETE Status Code: 403 3. Are you going through a proxy or load balancer (is it configured to use sticky sessions?)? Yes, I am using a proxy and have configured sticky sessions. 4. Which Browser and version are you using? Safari: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15 Chrome: user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 For both, the browser NIFI adds Mozilla/5.0 in user-agent 5. Have you tried clearing your browser cache? - Yes I tried clearing my cache, It exhibits the same behavior. 6. Does the same behavior exist using an incognito window in your browser? I have tried on Safari, and Chrome. However, I have used Safari private window as well. It exhibits the same behavior. However unable to Logging using Chrome- incognito window. 7. What java version is your NiFi using? - JDK-11.0.14.9.2 In addition to these, I would like to bring you to notice that, I have tried NIFI- 1.16.0 on AWS with a single node setup, using single-user-authorizer. It works absolutely fine. And I am able to use NIFI smoothly. Once I tried using managed-authorizer with SAML on 3 node cluster. Then I am facing all these permission issues. However, I have an absolutely similar setup with 3 node cluster for NIFI-1.150 (not on AWS, it is on the private cloud). There I am able to get access to the main root process policy. And able to access processors can create processors, but can not delete processors, Logout and add policy for other users or myself. ... View more

@MattWho  I have tried to click on that key and add my user to the policies. But still, it gives me 403 insufficient permissions :   Please find the Request/Response Details: Request URL: https://xxxxxxxxxxxxxxx/nifi-api/policies/43f0b681-0181-1000-ffff-ffffc15af0d7 Request Method: PUT Status Code: 403 Payload: ion":{"clientId":"4eb9cca3-0181-1000-5ccc-79d4aacc5540","version":0},"disconnectedNodeAcknowledged":false,"component":{"id":"43f0b681-0181-1000-ffff-ffffc15af0d7","users":[{"revision":{"version":0},"id":"5c72646f-a9cb-3239-9450-2511231b004e","permissions":{"canRead":true,"canWrite":true},"component":{"id":"5c72646f-a9cb-3239-9450-2511231b004e","identity":"*****@*******.com","configurable":true}}],"userGroups":[]}} Response: <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>Apple</center> </body> </html> If I am trying to add any policy to my user, it is giving me insufficient permissions.  Thank you!!! ... View more

Hi @MattWho, Thank you for replying, it's my bad, I have missed posting my complete authorizers.xml  which have  <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> ... View more

HI @gtorres, I am not able to see any 403 activity even getting logged in my servers. I have not found any such 403 request/response calls in  App logs, user logs, Request logs. Whenever I am getting 403 while performing any actions, it is not getting captured in any log file (App, User, Request). https://community.cloudera.com/t5/Support-Questions/Unable-to-seed-access-policy-on-NIFI-1-16-0-and-User-logs/td-p/345246     ... View more

These are the list of permissions I have to ADMIN User: { "identity": "xxxx@xxx.com", "anonymous": false, "provenancePermissions": { "canRead": false, "canWrite": false }, "countersPermissions": { "canRead": false, "canWrite": false }, "tenantsPermissions": { "canRead": true, "canWrite": true }, "controllerPermissions": { "canRead": true, "canWrite": true }, "policiesPermissions": { "canRead": true, "canWrite": true }, "systemPermissions": { "canRead": false, "canWrite": false }, "parameterContextPermissions": { "canRead": true, "canWrite": true }, "restrictedComponentsPermissions": { "canRead": false, "canWrite": true }, "componentRestrictionPermissions": [ { "requiredPermission": { "id": "read-distributed-filesystem", "label": "read distributed filesystem" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "access-keytab", "label": "access keytab" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "export-nifi-details", "label": "export nifi details" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "read-filesystem", "label": "read filesystem" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "access-environment-credentials", "label": "access environment credentials" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "execute-code", "label": "execute code" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "access-ticket-cache", "label": "access ticket cache" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "write-filesystem", "label": "write filesystem" }, "permissions": { "canRead": false, "canWrite": true } }, { "requiredPermission": { "id": "write-distributed-filesystem", "label": "write distributed filesystem" }, "permissions": { "canRead": false, "canWrite": true } } ], "canVersionFlows": false } ... View more

Hi @araujo,  Have you experience it ? Request your help. Thanks ... View more

I have restarted NIFI by deleting "authorisations.xml " and "users.xml" My authorisations.xml: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <authorizations> <policies> <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="91b40b98-fd71-37df-b47f-0b6bfc9495a3" resource="/data/process-groups/040813bd-98b2-35d7-9202-cc93f4873b91" action="R"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> <user identifier="2e8a3365-86df-3c2d-8614-7cf2c61cc5d1"/> <user identifier="a98e60ec-bb80-35c6-bd31-1d1c7562a5a8"/> <user identifier="6d337594-bfba-3a95-88a7-01ec124f0bdb"/> </policy> <policy identifier="b855b111-a013-30b7-828f-8c97c4dd5451" resource="/data/process-groups/040813bd-98b2-35d7-9202-cc93f4873b91" action="W"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> <user identifier="2e8a3365-86df-3c2d-8614-7cf2c61cc5d1"/> <user identifier="a98e60ec-bb80-35c6-bd31-1d1c7562a5a8"/> <user identifier="6d337594-bfba-3a95-88a7-01ec124f0bdb"/> </policy> <policy identifier="0e420cf9-3421-30ec-aab3-897e5bf63106" resource="/process-groups/040813bd-98b2-35d7-9202-cc93f4873b91" action="R"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="3e78b62e-721b-336f-a898-70534c5aa1a9" resource="/process-groups/040813bd-98b2-35d7-9202-cc93f4873b91" action="W"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W"> <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> </policy> <policy identifier="287edf48-da72-359b-8f61-da5d4c45a270" resource="/proxy" action="W"> <user identifier="2e8a3365-86df-3c2d-8614-7cf2c61cc5d1"/> <user identifier="a98e60ec-bb80-35c6-bd31-1d1c7562a5a8"/> <user identifier="6d337594-bfba-3a95-88a7-01ec124f0bdb"/> </policy> </policies> </authorizations> Here my user Identifier is:  <user identifier="5c72646f-a9cb-3239-9450-2511231b004e"/> But still, I am unable to perform any actions as mentioned in my Post earlier.  I have also observed, that it shows unauthorised for main process group:   ... View more

Certificates are for cluster Nodes. As I am using SAML, so I have set my email DI as Initial admin property. And while authenticating calls are redirected to my SAML service and they are authenticating my user.  Please let me know if I am missing something.  ... View more