Member since 03-11-2022
Posts: 3
Kudos Received: 0
Solutions: 0
04-15-2022 04:57 AM

Hi there,

We are testing to migrate from NiFi 1.13.2 to the latest greatest or at least the 1.15.3 release. We would like to make use of Google SAML integration for authentication, but can't seem to find a decent tutorial with examples for this. There is some good documentation by Bryan Bende using Knox, but it doesn't seem to work with Google SAML. Searched Google extensively, but couldn't find a single working example with SAML. Is it even working? 😉 Can anyone share a good tutorial on how to implement this? We are running NiFi in a Docker container on AWS.

Thank you in advance.

Kind regards,
Dave
Labels: Apache NiFi
03-14-2022 08:53 AM

When implementing Google SAML with Apache NiFi 1.15 we get the following error on startup.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlService' defined in org.apache.nifi.web.security.configuration.SamlAuthenticationSecurityConfiguration: Invocation of init method failed; nested exception is java.lang.RuntimeException: Unable to initialize SAML configuration due to: org.opensaml.saml2.metadata.provider.MetadataProviderException: Non-ok status code 400 returned from remote metadata source https://accounts.google.com/o/saml2/idp?idpid=xxxxx

Is this caused by a misconfiguration in NiFi or on the Google configuration side? There's a lot of documentation on what the SAML parameters mean, but unfortunately no examples can be found on the net.

Thank you in advance.

Kind regards,
Dave
Labels: Apache NiFi
03-11-2022 06:06 AM

Hi there,

We want to move from NiFi 1.13 to 1.15 and are trying to implement OIDC. We found this great manual from Bryan: https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect
We followed this and after some tweaking we finally got the Google login screen.

nifi.properties is set up for localhost:

nifi.web.https.host=localhost
nifi.web.https.port=8443

And the Google redirect API is set to https://localhost:8443/nifi-api/access/oidc/callback

After successfully logging in we get redirected to the URL above, but receive the following error.

Unable to continue login sequence
Unable to exchange authorization for ID token: Unable to parse the response from the Token request: Unable to validate the ID Token: Unexpected JWT audience: [169248247257-v1tcvtl6n6gq0psjqjt69jpkq36ue3i8.apps.googleusercontent.com]

What seems to be going wrong? Once this is working, we will be implementing this on our AWS NiFi clusters with load balancer IPs and of course not on localhost.

Thank you in advance.

Kind regards,
Dave
Tags: NiFi
Labels: Apache NiFi