Posted to users@nifi.apache.org by kumar r <ku...@gmail.com> on 2017/03/08 12:04:41 UTC
NiFi web ui not open after enabled auth
Hi,
I configured NiFi version 1.1.1 on Windows.
I have enabled client certificate auth with the following properties:
*nifi.properties*
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=
nifi.web.https.host=hostname
nifi.web.https.port=8080
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
nifi.security.keystore=./conf/ssl/server.keystore
nifi.security.keystoreType=JKS
nifi.security.keystorePasswd=server_password
nifi.security.keyPasswd=server_keypassword
nifi.security.truststore=./conf/ssl/server.truststore
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=server_password
nifi.security.needClientAuth=true
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=
*authorizers.xml*
<authorizer>
    <identifier>file-provider</identifier>
    <class>org.apache.nifi.authorization.FileAuthorizer</class>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Users File">./conf/users.xml</property>
    <property name="Initial Admin Identity"></property>
    <property name="Legacy Authorized Users File">./conf/authorized-users.xml</property>
    <!-- Provide the identity (typically a DN) of each node when
         clustered, see above description of Node Identity.
    <property name="Node Identity 1"></property>
    <property name="Node Identity 2"></property>
    -->
</authorizer>
*authorized-users.xml*
<users>
    <user dn="CN=Kumar">
        <role name="ROLE_ADMIN"/>
        <role name="ROLE_DFM"/>
    </user>
</users>
I followed the steps for generating server and client SSL certificates from
http://unix.stackexchange.com/q/347116
Everything was good. The NiFi server started, and the logs showed that the UI
is available at the following URLs:
https://hostname:8080/nifi
But when I open the UI in a browser, in both Firefox and Chrome, the NiFi web
URL does not open, and it shows
*Secure Connection Failed* in Firefox and *This site can’t be reached* in
Chrome.
It didn't ask for a client certificate.
What did I do wrong? How can I achieve this?
http://stackoverflow.com/questions/42668838/nifi-web-ui-not-open-after-enabled-auth
Help would be appreciated. Thanks in advance.
Re: NiFi web ui not open after enabled auth
Posted by kumar r <ku...@gmail.com>.
Thanks for your help.
It works fine after importing the client certificate into the browser.
On Wed, Mar 8, 2017 at 7:59 PM, Bryan Rosander <br...@apache.org> wrote:
> Hi Kumar,
>
> I would suggest using NiFi's tls-toolkit in order to facilitate
> certificate generation. It can generate a Certificate Authority (to import
> into the browser), keystore and truststore for NiFi as well as a client p12
> file in a single command.
>
> You can get it from the NiFi download page as part of the nifi-toolkit.
>
> If you run (replacing YOUR_HOSTNAME with your actual hostname):
> bin/tls-toolkit.sh standalone -n YOUR_HOSTNAME -C 'CN=Kumar'
>
> You should wind up with a YOUR_HOSTNAME directory containing a keystore,
> truststore, nifi.properties as well as a p12 and password file for your
> client certificate. You'll want to import nifi-cert.pem into your browser
> as a trusted CA so that it knows it can trust the server.
>
> Thanks,
> Bryan
Re: NiFi web ui not open after enabled auth
Posted by Bryan Rosander <br...@apache.org>.
Hi Kumar,
I would suggest using NiFi's tls-toolkit in order to facilitate certificate
generation. It can generate a Certificate Authority (to import into the
browser), keystore and truststore for NiFi as well as a client p12 file in
a single command.
You can get it from the NiFi download page as part of the nifi-toolkit.
If you run (replacing YOUR_HOSTNAME with your actual hostname):
bin/tls-toolkit.sh standalone -n YOUR_HOSTNAME -C 'CN=Kumar'
You should wind up with a YOUR_HOSTNAME directory containing a keystore,
truststore, nifi.properties as well as a p12 and password file for your
client certificate. You'll want to import nifi-cert.pem into your browser
as a trusted CA so that it knows it can trust the server.
Thanks,
Bryan
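A preflight check for the configuration discussed in this thread, as an added example that is not part of the original posts or of NiFi: it parses the posted nifi.properties and authorizer settings and flags the condition the thread resolved, certificate-only login with no client certificate in the browser. The finding codes and the simplified rule for certificate-only login are assumptions of this example.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs: security-relevant lines of the configuration posted in the thread.
NIFI_PROPERTIES = """\
nifi.web.http.port=
nifi.web.https.port=8080
nifi.security.keystore=./conf/ssl/server.keystore
nifi.security.truststore=./conf/ssl/server.truststore
nifi.security.needClientAuth=true
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
"""
AUTHORIZERS_XML = """\
<authorizer>
  <identifier>file-provider</identifier>
  <property name="Initial Admin Identity"></property>
  <property name="Legacy Authorized Users File">./conf/authorized-users.xml</property>
</authorizer>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (l.partition("=") for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def preflight(props, authorizers_xml):
    """Return finding codes (hypothetical names) for a certificate-only setup."""
    findings = [] if props.get("nifi.web.https.port") else ["HTTPS_DISABLED"]
    if props.get("nifi.web.http.port"):
        findings.append("PLAINTEXT_HTTP_ENABLED")
    findings += ["MISSING:" + k for k in ("nifi.security.keystore",
                 "nifi.security.truststore") if not props.get(k)]
    # Assumption (simplified): cert-only login means the handshake needs a browser client cert.
    if (props.get("nifi.security.needClientAuth", "").lower() == "true"
            and not props.get("nifi.security.user.login.identity.provider")):
        findings.append("BROWSER_NEEDS_CLIENT_CERT")
    wanted = props.get("nifi.security.user.authorizer")
    root = ET.fromstring(authorizers_xml)  # iter() also matches the root element
    match = next((a for a in root.iter("authorizer")
                  if (a.findtext("identifier") or "").strip() == wanted), None)
    if match is None:
        return findings + ["AUTHORIZER_NOT_FOUND"]
    cfg = {p.get("name"): (p.text or "").strip() for p in match.iter("property")}
    if not cfg.get("Initial Admin Identity") and not cfg.get("Legacy Authorized Users File"):
        findings.append("NO_ADMIN_SEEDED")
    return findings

if __name__ == "__main__":
    print(preflight(parse_properties(NIFI_PROPERTIES), AUTHORIZERS_XML))
```

On the sample input the only finding is BROWSER_NEEDS_CLIENT_CERT, which matches the fix reported in the thread: importing the client certificate into the browser.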