Posted to dev@nifi.apache.org by David Handermann <ex...@apache.org> on 2021/12/08 14:37:44 UTC

Re: Nifi 1.14 user authentication using openId connect not working

Hi Ganesh.B,

It looks like you are running into an issue in NiFi 1.14.0 that was
resolved in 1.15.0 under the following Jira issue:

https://issues.apache.org/jira/browse/NIFI-8783

The default authorizers.xml includes a definition for the
SingleUserAuthorizer, which can only be used together with the
SingleUserLoginIdentityProvider. The workaround for NiFi 1.14.0 is to
comment out or remove the following section from authorizers.xml:

<authorizer>
  <identifier>single-user-authorizer</identifier>
  <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class>
</authorizer>

Removing that configuration element from authorizers.xml should allow the
OIDC configuration to load as expected in NiFi 1.14.0.

Regards,
David Handermann

On Wed, Dec 8, 2021 at 4:54 AM Ganesh, B (Nokia - IN/Bangalore) <
b.ganesh@nokia.com> wrote:

> Hi,
>
>
>
> We are using Apache NiFi 1.14. We have 3 nodes in the NiFi cluster; the
> cluster is using an external ZooKeeper for state management.
>
> We are using OpenID Connect for user authentication. The following is
> the relevant configuration in the nifi.properties file.
>
> *nifi.security.user.authorizer=managed-authorizer*
>
> *nifi.security.allow.anonymous.authentication=false*
>
> *nifi.security.user.login.identity.provider=*
>
> *………….*
>
> *………..*
>
> *# OpenId Connect SSO Properties #*
>
> *nifi.security.user.oidc.discovery.url=https://<IPADDRES of KEYCLOAK
> SERVER>/access/realms/nifi/.well-known/openid-configuration*
>
> *nifi.security.user.oidc.connect.timeout=5 secs*
>
> *nifi.security.user.oidc.read.timeout=5 secs*
>
> *nifi.security.user.oidc.client.id=nifi-client*
>
> *nifi.security.user.oidc.client.secret=<CLIENT ID SECRET >*
>
> *nifi.security.user.oidc.preferred.jwsalgorithm=RS256*
>
>
>
> *But we are observing:*
>
> *org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
> Unsatisfied dependency expressed through method
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is
> org.springframework.beans.factory.BeanExpressionException: Expression
> parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is java.lang.reflect.InvocationTargetException*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768)*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720)*
>
> *        at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)*
>
> *        at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:944)*
>
> *        at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)*
>
> *        at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)*
>
> *        at
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:401)*
>
> *        at
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:292)*
>
> *        at
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103)*
>
> *        at
> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1068)*
>
> *        at
> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572)*
>
> *        at
> org.eclipse.jetty.server.handler.ContextHandler.contextInitialized(ContextHandler.java:997)*
>
> *        at
> org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:746)*
>
> *        at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)*
>
> *        at
> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449)*
>
> *        at
> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1414)*
>
> *        at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:911)*
>
> *        at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)*
>
> *        at
> org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)*
>
> *        at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)*
>
> *        at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)*
>
> *        at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)*
>
> *        at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)*
>
> *        at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:426)*
>
> *        at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)*
>
> *        at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)*
>
> *        at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)*
>
> *        at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)*
>
> *        at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)*
>
> *        at org.eclipse.jetty.server.Server.start(Server.java:423)*
>
> *        at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)*
>
> *        at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)*
>
> *        at org.eclipse.jetty.server.Server.doStart(Server.java:387)*
>
> *        at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)*
>
> *        at
> org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1129)*
>
> *        at org.apache.nifi.NiFi.<init>(NiFi.java:159)*
>
> *        at org.apache.nifi.NiFi.<init>(NiFi.java:71)*
>
> *        at org.apache.nifi.NiFi.main(NiFi.java:303)*
>
> *Caused by: org.springframework.beans.factory.BeanExpressionException:
> Expression parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is java.lang.reflect.InvocationTargetException*
>
> *        at
> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:169)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1631)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1324)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:760)*
>
> *        ... 54 common frames omitted*
>
> *Caused by:
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is java.lang.reflect.InvocationTargetException*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768)*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720)*
>
> *        at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)*
>
> *        at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:671)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:659)*
>
> *        at
> org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:51)*
>
> *        at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)*
>
> *        at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
>
> *        at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
>
> *        at java.base/java.lang.reflect.Method.invoke(Method.java:566)*
>
> *        at
> org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:129)*
>
> *        at
> org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:139)*
>
> *        at
> org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:55)*
>
> *        at
> org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:387)*
>
> *        at
> org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:92)*
>
> *        at
> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:112)*
>
> *        at
> org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:272)*
>
> *        at
> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:166)*
>
> *        ... 58 common frames omitted*
>
> *Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'jwtAuthenticationProvider' defined in class path
> resource [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is java.lang.reflect.InvocationTargetException*
>
> *        at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)*
>
> *        at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:113)*
>
> *        at
> org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:693)*
>
> *        at
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:198)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1354)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:564)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)*
>
> *        at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)*
>
> *        at
> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1380)*
>
> *        at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)*
>
> *        at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:760)*
>
> *        ... 83 common frames omitted*
>
> *Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is java.lang.reflect.InvocationTargetException*
>
> *        at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:176)*
>
> *        at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:101)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1884)*
>
> *        at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1266)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:345)*
>
> *        at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)*
>
> *        at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:330)*
>
> *        ... 98 common frames omitted*
>
> *Caused by: java.lang.reflect.InvocationTargetException: null*
>
> *        at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)*
>
> *        at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
>
> *        at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
>
> *        at java.base/java.lang.reflect.Method.invoke(Method.java:566)*
>
> *        at
> org.apache.nifi.authorization.AuthorizerFactoryBean.performMethodInjection(AuthorizerFactoryBean.java:413)*
>
> *        at
> org.apache.nifi.authorization.AuthorizerFactoryBean.createAuthorizer(AuthorizerFactoryBean.java:365)*
>
> *        at
> org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:161)*
>
> *        at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:169)*
>
> *        ... 104 common frames omitted*
>
> *Caused by:
> org.apache.nifi.authorization.exception.AuthorizerCreationException:
> SingleUserAuthorizer requires
> org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider
> to be configured*
>
> *        at
> org.apache.nifi.authorization.single.user.SingleUserAuthorizer.setProperties(SingleUserAuthorizer.java:69)*
>
> *        ... 112 common frames omitted*
>
> *{"type":"log", "host":"nc1298node04", "level":"WARN",
> "neid":"857fb9e4799f481da83e8286c07a8098", "system":"mynifi-nifi-0",
> "time":"2021-12-08T10:28:08.369Z", "timezone":"UTC", "log":"[main]
> org.eclipse.jetty.webapp.WebAppContext Failed startup of context
> o.e.j.w.WebAppContext@1239c268{nifi-api,/nifi-api,file:///opt/nifi/work/jetty/nifi-web-api-1.14.0.war/webapp/,UNAVAILABLE}{./work/nar/extensions/nifi-server-nar-1.14.0.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-api-1.14.0.war}"}*
>
>
>
> Can you please help us to resolve this issue?
>
>
>
> Thanks & Regards,
>
> Ganesh.B
>
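A pre-start check for the NiFi 1.14.0 condition described in the reply above, added here as an example and not taken from the thread or from the NiFi code base. It flags a SingleUserAuthorizer definition in authorizers.xml when nifi.properties does not select the single-user login provider, and shows the file with that element removed; the provider identifier `single-user-provider`, the function names and the sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SINGLE_USER_AUTHORIZER = (
    "org.apache.nifi.authorization.single.user.SingleUserAuthorizer"
)
# Assumption: identifier used for the single-user login provider on this install.
SINGLE_USER_PROVIDER_ID = "single-user-provider"
PROVIDER_KEY = "nifi.security.user.login.identity.provider"

# Constructed sample inputs modelled on the configuration quoted in the thread.
SAMPLE_PROPERTIES = """\
nifi.security.user.authorizer=managed-authorizer
nifi.security.allow.anonymous.authentication=false
nifi.security.user.login.identity.provider=
nifi.security.user.oidc.client.id=nifi-client
"""
SAMPLE_AUTHORIZERS = """\
<authorizers>
  <authorizer>
    <identifier>managed-authorizer</identifier>
    <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
  </authorizer>
  <authorizer>
    <identifier>single-user-authorizer</identifier>
    <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class>
  </authorizer>
</authorizers>
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def conflicting_authorizers(properties_text, authorizers_xml,
                            provider_id=SINGLE_USER_PROVIDER_ID):
    """Return identifiers of SingleUserAuthorizer entries that cannot load."""
    provider = parse_properties(properties_text).get(PROVIDER_KEY, "")
    if provider == provider_id:
        return []  # single-user login is selected, the pairing is valid
    root = ET.fromstring(authorizers_xml)
    return [a.findtext("identifier", "").strip()
            for a in root.findall("authorizer")
            if a.findtext("class", "").strip() == SINGLE_USER_AUTHORIZER]


def remove_authorizers(authorizers_xml, identifiers):
    """Return the XML with the named <authorizer> elements dropped."""
    root = ET.fromstring(authorizers_xml)
    for a in list(root.findall("authorizer")):
        if a.findtext("identifier", "").strip() in identifiers:
            root.remove(a)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    bad = conflicting_authorizers(SAMPLE_PROPERTIES, SAMPLE_AUTHORIZERS)
    print("conflicting authorizers:", bad)
    print(remove_authorizers(SAMPLE_AUTHORIZERS, set(bad)))
```

ElementTree discards XML comments when it re-serialises, so on a real authorizers.xml use the reported identifiers to edit the file by hand and keep a backup of the original.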