Posted to users@nifi.apache.org by Dweep Sharma <dw...@redbus.com> on 2019/09/03 09:31:58 UTC

Re: Nifi Cluster Untrusted Proxy Error

Can someone take a peek at this - what could be wrong? Thanks

-Dweep

On Fri, Aug 30, 2019 at 4:52 PM Dweep Sharma <dw...@redbus.com>
wrote:

> Hi All,
>
> I am receiving an error while setting up a 2 node cluster (external zk)
> using Google Auth [OpenID connect]
>
> Insufficient Permissions
>
> Untrusted proxy CN=*.dummy.com, OU=NIFI
>
>
> We have used nifi toolkit to generate the certificates:
> ./bin/tls-toolkit.sh standalone -n '*.dummy.com'
>
>
> Details from authorizers and users xml
>
> authorizers.xml:
> <authorizers>
>   <userGroupProvider>
>     <identifier>file-user-group-provider</identifier>
>     <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
>     <property name="Users File">./conf/users.xml</property>
>     <property name="Legacy Authorized Users File"></property>
>     <property name="Initial User Identity 1">vidya.b@dummy.com</property>
>   </userGroupProvider>
>   <accessPolicyProvider>
>     <identifier>file-access-policy-provider</identifier>
>     <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>     <property name="User Group Provider">file-user-group-provider</property>
>     <property name="Authorizations File">./conf/authorizations.xml</property>
>     <property name="Initial Admin Identity">vidya.b@dummy.com</property>
>     <property name="Legacy Authorized Users File"></property>
>     <property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
>     <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>
>     <property name="Node Group"></property>
>   </accessPolicyProvider>
>   <authorizer>
>     <identifier>managed-authorizer</identifier>
>     <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>     <property name="Access Policy Provider">file-access-policy-provider</property>
>   </authorizer>
> </authorizers>
>
> Users.xml
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <tenants>
>   <groups>
>     <group identifier="ae4a4221-016c-1000-a933-2243c2e28888" name="admin">
>       <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
>       <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>     </group>
>     <group identifier="ae4a9755-016c-1000-4425-4df789a817eb" name="readonly">
>       <user identifier="ae4fba22-016c-1000-de8b-579daa5f7a5f"/>
>       <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>     </group>
>   </groups>
>   <users>
>     <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947" identity="dweep.sharma@dummy.com"/>
>   </users>
> </tenants>
>
>
>
> Can someone point out what could be wrong? Also, tell me if any further
> info is required to diagnose this.
>
> Also, this is hosted on AWS. Is there any way to use ACM as our
> certificate manager?
>
>
>
>
>

-- 
::DISCLAIMER::

----------------------------------------------------------------------------------------------------------------------------------------------------


The contents of this e-mail and any attachments are confidential and 
intended for the named recipient(s) only.E-mail transmission is not 
guaranteed to be secure or error-free as information could be intercepted, 
corrupted,lost, destroyed, arrive late or incomplete, or may contain 
viruses in transmission. The e mail and its contents(with or without 
referred errors) shall therefore not attach any liability on the originator 
or redBus.com. Views or opinions, if any, presented in this email are 
solely those of the author and may not necessarily reflect the views or 
opinions of redBus.com. Any form of reproduction, dissemination, copying, 
disclosure, modification,distribution and / or publication of this message 
without the prior written consent of authorized representative of redbus.com 
is strictly prohibited. If you have received this email in error please 
delete it and notify the sender immediately. Before opening any email and/or 
attachments, please check them for viruses and other defects.

Re: Nifi Cluster Untrusted Proxy Error

Posted by Bryan Bende <bb...@gmail.com>.
Your authorizers.xml shows two Node Identities:

<property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
  <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>

However, these are not present in users.xml, so you must have added
these after having started the application once, which generated the
initial users.xml.

Anytime you change the initial admin or the node identities you need
to delete users.xml and authorizations.xml in order for them to be
regenerated correctly.

On Thu, Sep 5, 2019 at 3:09 AM Dweep Sharma <dw...@redbus.com> wrote:
>
> Sure, could you please share resources on how to enable trust between SSL certs on two nodes?
>
> authorizations.xml
>
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <authorizations>
>     <policies>
>         <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="ae532a4c-016c-1000-637f-38253914a685" resource="/provenance" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae53e58e-016c-1000-f966-18717c5645c1" resource="/site-to-site" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae540f7c-016c-1000-5ecb-f7a9d7405555" resource="/system" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae54451d-016c-1000-e0e2-a380de6679dc" resource="/proxy" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae546c4b-016c-1000-9746-99f5962b2e62" resource="/counters" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae5491ad-016c-1000-83b1-6944c8285a16" resource="/counters" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b2f8f7ee-016c-1000-4bc2-d796491fd0e0" resource="/policies/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
>         <policy identifier="b3bdee5c-016c-1000-f4da-b0a283608f91" resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
>         <policy identifier="b3c011b8-016c-1000-88d8-b235d11aefba" resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3c868ff-016c-1000-e606-835dc5c659e8" resource="/operation/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cb4b2a-016c-1000-a191-eeb3995dd942" resource="/operation/processors/b3c8228a-016c-1000-8e36-f4315d3da34c" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cbad5a-016c-1000-52c6-3e37a288ad34" resource="/operation/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cd1977-016c-1000-a920-be900586ad57" resource="/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cdb1b0-016c-1000-cc57-d0921d512c2c" resource="/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cead39-016c-1000-7280-5df3b2903103" resource="/process-groups/b3ce9097-016c-1000-fbbe-c5f148d3d5bc" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
>         </policy>
>     </policies>
> </authorizations>
>
> On Tue, Sep 3, 2019 at 7:15 PM Bryan Bende <bb...@gmail.com> wrote:
>>
>> Please show authorizations.xml, thank you.
>>
>> Also, you shouldn't really be using wildcard certs -
>> https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#wildcard_certificates
>>
>> On Tue, Sep 3, 2019 at 5:32 AM Dweep Sharma <dw...@redbus.com> wrote:
>> >
>> > Can someone take a peek at this - what could be wrong? Thanks
>> >
>> > -Dweep
>> >
>> > On Fri, Aug 30, 2019 at 4:52 PM Dweep Sharma <dw...@redbus.com> wrote:
>> >>
>> >> Hi All,
>> >>
>> >> I am receiving an error while setting up a 2 node cluster (external zk) using Google Auth [OpenID connect]
>> >>
>> >> Insufficient Permissions
>> >> Untrusted proxy CN=*.dummy.com, OU=NIFI
>> >>
>> >>
>> >> We have used nifi toolkit to generate the certificates:
>> >> ./bin/tls-toolkit.sh standalone -n '*.dummy.com'
>> >>
>> >>
>> >> Details from authorizers and users xml
>> >>
>> >> authorizers.xml:
>> >> <authorizers>
>> >> <userGroupProvider>
>> >>   <identifier>file-user-group-provider</identifier>
>> >>   <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
>> >>   <property name="Users File">./conf/users.xml</property>
>> >>   <property name="Legacy Authorized Users File"></property>
>> >>
>> >>   <property name="Initial User Identity 1">vidya.b@dummy.com</property>
>> >> </userGroupProvider>
>> >> <accessPolicyProvider>
>> >>   <identifier>file-access-policy-provider</identifier>
>> >>   <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>> >>   <property name="User Group Provider">file-user-group-provider</property>
>> >>   <property name="Authorizations File">./conf/authorizations.xml</property>
>> >>   <property name="Initial Admin Identity">vidya.b@dummy.com</property>
>> >>   <property name="Legacy Authorized Users File"></property>
>> >>   <property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
>> >>   <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>
>> >>   <property name="Node Group"></property>
>> >> </accessPolicyProvider>
>> >>     <authorizer>
>> >>         <identifier>managed-authorizer</identifier>
>> >>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>> >>         <property name="Access Policy Provider">file-access-policy-provider</property>
>> >>     </authorizer>
>> >> </authorizers>
>> >>
>> >>
>> >>
>> >> Users.xml
>> >> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>> >> <tenants>
>> >>     <groups>
>> >>         <group identifier="ae4a4221-016c-1000-a933-2243c2e28888" name="admin">
>> >>             <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
>> >>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>> >>         </group>
>> >>         <group identifier="ae4a9755-016c-1000-4425-4df789a817eb" name="readonly">
>> >>             <user identifier="ae4fba22-016c-1000-de8b-579daa5f7a5f"/>
>> >>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>> >>         </group>
>> >>     </groups>
>> >>     <users>
>> >>         <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947" identity="dweep.sharma@dummy.com"/>
>> >>     </users>
>> >> </tenants>
>> >>
>> >>
>> >>
>> >> Can someone point out what could be wrong? Also, tell me if any further info is required to diagnose this.
>> >>
>> >> Also, this is hosted on AWS. Is there any way to use ACM as our certificate manager?
>> >>
>> >>
>> >>
>> >>
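Bryan's diagnosis (Node Identity values in authorizers.xml that never made it into users.xml, so the nodes hold no W policy on /proxy) can be checked mechanically. The script below is an added example, not NiFi code or anything posted by the thread's authors; it reads the three files with the standard library and also compares the identity in the quoted "Untrusted proxy" error against the configured Node Identity values, which exposes a second mismatch here: the wildcard certificate presents CN=*.dummy.com, and no Node Identity is written that way. The XML samples are constructed from the files posted in the thread.

```python
"""Cross-check the files that decide whether a NiFi node is a trusted proxy:
authorizers.xml (Node Identity N), users.xml (the node must exist as a user)
and authorizations.xml (that user needs W on /proxy). Added for this thread,
not NiFi code; the samples are constructed from the files posted above."""
import xml.etree.ElementTree as ET

# Constructed sample: accessPolicyProvider block from the posted authorizers.xml
AUTHORIZERS_XML = """<authorizers>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="Initial Admin Identity">vidya.b@dummy.com</property>
    <property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
    <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>
    <property name="Node Group"></property>
  </accessPolicyProvider>
</authorizers>"""

# Constructed sample: the posted users.xml has one human user and no nodes
USERS_XML = """<tenants>
  <groups>
    <group identifier="ae4a4221-016c-1000-a933-2243c2e28888" name="admin">
      <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
    </group>
  </groups>
  <users>
    <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947" identity="dweep.sharma@dummy.com"/>
  </users>
</tenants>"""

# Constructed sample: the /proxy policy from the posted authorizations.xml
# grants the admin group only, no node user
AUTHORIZATIONS_XML = """<authorizations>
  <policies>
    <policy identifier="ae54451d-016c-1000-e0e2-a380de6679dc" resource="/proxy" action="W">
      <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
    </policy>
  </policies>
</authorizations>"""

# The error quoted in the thread, treated here as a constructed log line
ERROR_LINE = "Insufficient Permissions: Untrusted proxy CN=*.dummy.com, OU=NIFI"


def node_identities(authorizers_xml):
    """Non-empty 'Node Identity N' property values, in file order."""
    root = ET.fromstring(authorizers_xml)
    return [p.text.strip() for p in root.iter("property")
            if p.get("name", "").startswith("Node Identity") and (p.text or "").strip()]


def users_by_identity(users_xml):
    """identity -> identifier for <user> entries that carry an identity
    (group membership references have none and are skipped)."""
    root = ET.fromstring(users_xml)
    return {u.get("identity"): u.get("identifier")
            for u in root.iter("user") if u.get("identity")}


def proxy_writers(authorizations_xml):
    """User identifiers granted W on /proxy. Group grants are ignored on purpose:
    a node is in no group unless 'Node Group' is set in authorizers.xml."""
    root = ET.fromstring(authorizations_xml)
    return {u.get("identifier") for pol in root.iter("policy")
            if pol.get("resource") == "/proxy" and pol.get("action") == "W"
            for u in pol.findall("user")}


def presented_identity(log_line):
    """The identity after 'Untrusted proxy ' in the NiFi error, or None."""
    marker = "Untrusted proxy "
    i = log_line.find(marker)
    return log_line[i + len(marker):].strip() if i >= 0 else None


def check_node_trust(authorizers_xml, users_xml, authorizations_xml, log_line=None):
    """Return findings; an empty list means every configured node identity is a
    known user with W on /proxy and, if a log line is given, the identity the
    peer presented is one of them. Comparison is exact string match, so the DN
    must be written exactly as the node's certificate presents it."""
    findings = []
    nodes = node_identities(authorizers_xml)
    users = users_by_identity(users_xml)
    writers = proxy_writers(authorizations_xml)
    for ident in nodes:
        uid = users.get(ident)
        if uid is None:
            findings.append(f"{ident}: missing from users.xml (identities added after "
                            "first start need users.xml/authorizations.xml regenerated)")
        elif uid not in writers:
            findings.append(f"{ident}: user {uid} lacks W on /proxy")
    seen = presented_identity(log_line) if log_line else None
    if seen and seen not in nodes:
        findings.append(f"{seen}: presented by the peer but not a configured Node Identity")
    return findings
```

To run it against a live install, read the three files from the conf directory and pass their text in; a populated "Node Group" property would route the /proxy grant through a group, which this check deliberately does not model.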

Re: Nifi Cluster Untrusted Proxy Error

Posted by Andy LoPresto <al...@apache.org>.
We are working on additional documentation to explain the details of TLS-based trust, but this is a complicated topic and not specifically a core area of existing NiFi docs as it is an independent topic. I would recommend this post [1] for an understanding of the actual TLS process, and this high-level overview of how Java keystores work [2]. For NiFi, each node needs to present a certificate via the keystore which identifies the node and is signed by a certificate in (or explicitly present in) the truststore of every other node. 

[1] https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work/20847#20847
[2] https://dzone.com/articles/ssl-in-java


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Sep 5, 2019, at 12:08 AM, Dweep Sharma <dw...@redbus.com> wrote:
> 
> Sure, could you please share resources on how to enable trust between SSL certs on two nodes?
> 
> authorizations.xml
> 
> 
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <authorizations>
>     <policies>
>         <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>         </policy>
>         <policy identifier="ae532a4c-016c-1000-637f-38253914a685" resource="/provenance" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae53e58e-016c-1000-f966-18717c5645c1" resource="/site-to-site" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae540f7c-016c-1000-5ecb-f7a9d7405555" resource="/system" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae54451d-016c-1000-e0e2-a380de6679dc" resource="/proxy" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae546c4b-016c-1000-9746-99f5962b2e62" resource="/counters" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="ae5491ad-016c-1000-83b1-6944c8285a16" resource="/counters" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b2f8f7ee-016c-1000-4bc2-d796491fd0e0" resource="/policies/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
>         <policy identifier="b3bdee5c-016c-1000-f4da-b0a283608f91" resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
>         <policy identifier="b3c011b8-016c-1000-88d8-b235d11aefba" resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3c868ff-016c-1000-e606-835dc5c659e8" resource="/operation/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cb4b2a-016c-1000-a191-eeb3995dd942" resource="/operation/processors/b3c8228a-016c-1000-8e36-f4315d3da34c" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cbad5a-016c-1000-52c6-3e37a288ad34" resource="/operation/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="W">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cd1977-016c-1000-a920-be900586ad57" resource="/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cdb1b0-016c-1000-cc57-d0921d512c2c" resource="/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>         </policy>
>         <policy identifier="b3cead39-016c-1000-7280-5df3b2903103" resource="/process-groups/b3ce9097-016c-1000-fbbe-c5f148d3d5bc" action="R">
>             <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
>             <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
>         </policy>
>     </policies>
> </authorizations>
> 


Re: Nifi Cluster Untrusted Proxy Error

Posted by Dweep Sharma <dw...@redbus.com>.
Sure, could you please share resources on how to enable trust between SSL
certs on two nodes?

authorizations.xml


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizations>
    <policies>
        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"
resource="/flow" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"
resource="/restricted-components" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7"
resource="/tenants" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"
resource="/tenants" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"
resource="/policies" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"
resource="/policies" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"
resource="/controller" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"
resource="/controller" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
        </policy>
        <policy identifier="ae532a4c-016c-1000-637f-38253914a685"
resource="/provenance" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae53e58e-016c-1000-f966-18717c5645c1"
resource="/site-to-site" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae540f7c-016c-1000-5ecb-f7a9d7405555"
resource="/system" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae54451d-016c-1000-e0e2-a380de6679dc"
resource="/proxy" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae546c4b-016c-1000-9746-99f5962b2e62"
resource="/counters" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="ae5491ad-016c-1000-83b1-6944c8285a16"
resource="/counters" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b2f8f7ee-016c-1000-4bc2-d796491fd0e0"
resource="/policies/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48"
action="R"/>
        <policy identifier="b3bdee5c-016c-1000-f4da-b0a283608f91"
resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="R"/>
        <policy identifier="b3c011b8-016c-1000-88d8-b235d11aefba"
resource="/process-groups/a97c370b-016c-1000-87c2-2ed45eaf0b48" action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3c868ff-016c-1000-e606-835dc5c659e8"
resource="/operation/processors/b3c48d49-016c-1000-8396-950d03ad5e07"
action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cb4b2a-016c-1000-a191-eeb3995dd942"
resource="/operation/processors/b3c8228a-016c-1000-8e36-f4315d3da34c"
action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cbad5a-016c-1000-52c6-3e37a288ad34"
resource="/operation/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c"
action="W">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cd1977-016c-1000-a920-be900586ad57"
resource="/processors/b3c48d49-016c-1000-8396-950d03ad5e07" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cdb1b0-016c-1000-cc57-d0921d512c2c"
resource="/process-groups/b3c41e61-016c-1000-b40f-21bbefe6599c" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
        </policy>
        <policy identifier="b3cead39-016c-1000-7280-5df3b2903103"
resource="/process-groups/b3ce9097-016c-1000-fbbe-c5f148d3d5bc" action="R">
            <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"/>
            <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"/>
        </policy>
    </policies>
</authorizations>

On Tue, Sep 3, 2019 at 7:15 PM Bryan Bende <bb...@gmail.com> wrote:

> Please show authorizations.xml, thank you.
>
> Also, you shouldn't really be using wildcard certs -
>
> https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#wildcard_certificates
>
> On Tue, Sep 3, 2019 at 5:32 AM Dweep Sharma <dw...@redbus.com>
> wrote:
> >
> > Can someone take a peek at this - what could be wrong? Thanks
> >
> > -Dweep
> >
> > On Fri, Aug 30, 2019 at 4:52 PM Dweep Sharma <dw...@redbus.com>
> wrote:
> >>
> >> Hi All,
> >>
> >> I am receiving an error while setting up a 2 node cluster (external zk)
> using Google Auth [OpenID connect]
> >>
> >> Insufficient Permissions
> >> Untrusted proxy CN=*.dummy.com, OU=NIFI
> >>
> >>
> >> We have used nifi toolkit to generate the certificates:
> >> ./bin/tls-toolkit.sh standalone -n '*.dummy.com'
> >>
> >>
> >> Details from authorizers and users xml
> >>
> >> authorizers.xml:
> >> <authorizers>
> >> <userGroupProvider>
> >>   <identifier>file-user-group-provider</identifier>
> >>   <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
> >>   <property name="Users File">./conf/users.xml</property>
> >>   <property name="Legacy Authorized Users File"></property>
> >>
> >>   <property name="Initial User Identity 1">vidya.b@dummy.com</property>
> >> </userGroupProvider>
> >> <accessPolicyProvider>
> >>   <identifier>file-access-policy-provider</identifier>
> >>   <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
> >>   <property name="User Group
> Provider">file-user-group-provider</property>
> >>   <property name="Authorizations
> File">./conf/authorizations.xml</property>
> >>   <property name="Initial Admin Identity">vidya.b@dummy.com</property>
> >>   <property name="Legacy Authorized Users File"></property>
> >>   <property name="Node Identity 1">CN=dpdum1.dummy.com,
> OU=NIFI</property>
> >>   <property name="Node Identity 2">CN=dpdum2.dummy.com,
> OU=NIFI</property>
> >>   <property name="Node Group"></property>
> >> </accessPolicyProvider>
> >>     <authorizer>
> >>         <identifier>managed-authorizer</identifier>
> >>
>  <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
> >>         <property name="Access Policy
> Provider">file-access-policy-provider</property>
> >>     </authorizer>
> >> </authorizers>
> >>
> >>
> >>
> >> Users.xml
> >> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> >> <tenants>
> >>     <groups>
> >>         <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"
> name="admin">
> >>             <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
> >>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
> >>         </group>
> >>         <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"
> name="readonly">
> >>             <user identifier="ae4fba22-016c-1000-de8b-579daa5f7a5f"/>
> >>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
> >>         </group>
> >>     </groups>
> >>     <users>
> >>         <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"
> identity="dweep.sharma@dummy.com"/>
> >>     </users>
> >> </tenants>
> >>
> >>
> >>
> >> Can someone point out what could be wrong. Also if any further info is
> required to diagnose this
> >>
> >> Also, this is hosted on AWS. Is there any way to use ACM as our
> certificate manager?
> >>
> >>
> >>
> >>
> >
> > ::DISCLAIMER::
> >
> ----------------------------------------------------------------------------------------------------------------------------------------------------
> >
> > The contents of this e-mail and any attachments are confidential and
> intended for the named recipient(s) only.E-mail transmission is not
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted,lost, destroyed, arrive late or incomplete, or may contain
> viruses in transmission. The e mail and its contents(with or without
> referred errors) shall therefore not attach any liability on the originator
> or redBus.com. Views or opinions, if any, presented in this email are
> solely those of the author and may not necessarily reflect the views or
> opinions of redBus.com. Any form of reproduction, dissemination, copying,
> disclosure, modification,distribution and / or publication of this message
> without the prior written consent of authorized representative of
> redbus.com is strictly prohibited. If you have received this email in
> error please delete it and notify the sender immediately.Before opening any
> email and/or attachments, please check them for viruses and other defects.
>

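
NiFi reports "Untrusted proxy" when the DN in the client certificate of the node forwarding a request is not granted WRITE on the /proxy resource. The files pasted above are what decide that: the Node Identity values in authorizers.xml, the user entries in users.xml, and the /proxy policy in authorizations.xml. The following is an added example, not code from this thread or from the NiFi project, that cross-checks those three files for a given DN. The XML fragments in it are constructed to mirror the pasted files (identifiers such as g-admin, u-node1 and p-proxy are placeholders); the "FIXED" variants show the state in which a node DN is trusted.

```python
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the files pasted in this thread (not the
# poster's real files): Node Identity properties from authorizers.xml, a
# users.xml with no node users, and the /proxy policy from authorizations.xml.
AUTHORIZERS_XML = """<authorizers><accessPolicyProvider>
  <property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
  <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>
  <property name="Node Group"></property>
</accessPolicyProvider></authorizers>"""

USERS_XML = """<tenants>
  <groups><group identifier="g-admin" name="admin"><user identifier="u-dweep"/></group></groups>
  <users><user identifier="u-dweep" identity="dweep.sharma@dummy.com"/></users>
</tenants>"""

AUTHORIZATIONS_XML = """<authorizations><policies>
  <policy identifier="p-proxy" resource="/proxy" action="W"><group identifier="g-admin"/></policy>
</policies></authorizations>"""

# Corrected state (also constructed): each node DN exists as a user and is
# granted WRITE on /proxy, so a node presenting that exact DN is trusted.
USERS_XML_FIXED = """<tenants>
  <groups><group identifier="g-admin" name="admin"><user identifier="u-dweep"/></group></groups>
  <users>
    <user identifier="u-dweep" identity="dweep.sharma@dummy.com"/>
    <user identifier="u-node1" identity="CN=dpdum1.dummy.com, OU=NIFI"/>
    <user identifier="u-node2" identity="CN=dpdum2.dummy.com, OU=NIFI"/>
  </users>
</tenants>"""

AUTHORIZATIONS_XML_FIXED = """<authorizations><policies>
  <policy identifier="p-proxy" resource="/proxy" action="W">
    <user identifier="u-node1"/><user identifier="u-node2"/>
  </policy>
</policies></authorizations>"""


def node_identities(authorizers_xml):
    """Return the non-empty 'Node Identity N' values from authorizers.xml, in order."""
    root = ET.fromstring(authorizers_xml)
    return [p.text.strip() for p in root.iter("property")
            if p.get("name", "").startswith("Node Identity") and (p.text or "").strip()]


def load_tenants(users_xml):
    """Return (identity -> user id, group id -> set of member user ids) from users.xml."""
    root = ET.fromstring(users_xml)
    # <user> elements inside <groups> carry only an identifier; skip those here.
    users = {u.get("identity"): u.get("identifier") for u in root.iter("user") if u.get("identity")}
    groups = {g.get("identifier"): {m.get("identifier") for m in g.findall("user")}
              for g in root.iter("group")}
    return users, groups


def proxy_writers(authorizations_xml, users, groups):
    """Return the identities granted WRITE on /proxy, directly or through a group."""
    root = ET.fromstring(authorizations_xml)
    id_to_identity = {uid: ident for ident, uid in users.items()}
    allowed = set()
    for pol in root.iter("policy"):
        if pol.get("resource") != "/proxy" or pol.get("action") != "W":
            continue
        member_ids = {u.get("identifier") for u in pol.findall("user")}
        for g in pol.findall("group"):
            member_ids |= groups.get(g.get("identifier"), set())
        allowed |= {id_to_identity[m] for m in member_ids if m in id_to_identity}
    return allowed


def check_proxy_trust(presented_dn, authorizers_xml, users_xml, authorizations_xml):
    """Cross-check the DN a node presented against the three files.

    NiFi compares the identity string exactly, so only surrounding whitespace is
    stripped. An empty list means the DN would be accepted as a proxy."""
    dn = presented_dn.strip()
    identities = node_identities(authorizers_xml)
    users, groups = load_tenants(users_xml)
    allowed = proxy_writers(authorizations_xml, users, groups)
    findings = []
    if dn not in identities:
        findings.append(f"presented DN {dn!r} is not a configured Node Identity (configured: {identities})")
    for ident in identities:
        if ident not in users:
            findings.append(f"Node Identity {ident!r} has no user entry in users.xml")
        elif ident not in allowed:
            findings.append(f"Node Identity {ident!r} is not granted WRITE on /proxy")
    if dn not in allowed:
        findings.append(f"presented DN {dn!r} is not granted WRITE on /proxy (this yields 'Untrusted proxy')")
    return findings


if __name__ == "__main__":
    bad_dn = "CN=*.dummy.com, OU=NIFI"  # the DN quoted in the error message above
    for line in check_proxy_trust(bad_dn, AUTHORIZERS_XML, USERS_XML, AUTHORIZATIONS_XML):
        print("FINDING:", line)
    print("fixed config:", check_proxy_trust("CN=dpdum1.dummy.com, OU=NIFI", AUTHORIZERS_XML,
                                             USERS_XML_FIXED, AUTHORIZATIONS_XML_FIXED))
```

Two caveats when running this against real files: NiFi only seeds Node Identity and Initial User Identity entries into authorizations.xml and users.xml when it generates those files for the first time, so an existing file keeps whatever it already had; and if identity mapping patterns are configured in nifi.properties, it is the mapped identity rather than the raw certificate DN that must match the user entry.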

Re: Nifi Cluster Untrusted Proxy Error

Posted by Dweep Sharma <dw...@redbus.com>.
Sure, could you please share resources on how to enable trust between SSL
certs on two nodes?


Attaching the authorizations.xml as there was an issue pasting it directly
to the mail body



On Tue, Sep 3, 2019 at 7:15 PM Bryan Bende <bb...@gmail.com> wrote:

> Please show authorizations.xml, thank you.
>
> Also, you shouldn't really be using wildcard certs -
>
> https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#wildcard_certificates
>
> On Tue, Sep 3, 2019 at 5:32 AM Dweep Sharma <dw...@redbus.com>
> wrote:
> >
> > Can someone take a peek at this - what could be wrong? Thanks
> >
> > -Dweep
> >
> > On Fri, Aug 30, 2019 at 4:52 PM Dweep Sharma <dw...@redbus.com>
> wrote:
> >>
> >> Hi All,
> >>
> >> I am receiving an error while setting up a 2 node cluster (external zk)
> using Google Auth [OpenID connect]
> >>
> >> Insufficient Permissions
> >> Untrusted proxy CN=*.dummy.com, OU=NIFI
> >>
> >>
> >> We have used nifi toolkit to generate the certificates:
> >> ./bin/tls-toolkit.sh standalone -n '*.dummy.com'
> >>
> >>
> >> Details from authorizers and users xml
> >>
> >> authorizers.xml:
> >> <authorizers>
> >> <userGroupProvider>
> >>   <identifier>file-user-group-provider</identifier>
> >>   <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
> >>   <property name="Users File">./conf/users.xml</property>
> >>   <property name="Legacy Authorized Users File"></property>
> >>
> >>   <property name="Initial User Identity 1">vidya.b@dummy.com</property>
> >> </userGroupProvider>
> >> <accessPolicyProvider>
> >>   <identifier>file-access-policy-provider</identifier>
> >>   <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
> >>   <property name="User Group
> Provider">file-user-group-provider</property>
> >>   <property name="Authorizations
> File">./conf/authorizations.xml</property>
> >>   <property name="Initial Admin Identity">vidya.b@dummy.com</property>
> >>   <property name="Legacy Authorized Users File"></property>
> >>   <property name="Node Identity 1">CN=dpdum1.dummy.com,
> OU=NIFI</property>
> >>   <property name="Node Identity 2">CN=dpdum2.dummy.com,
> OU=NIFI</property>
> >>   <property name="Node Group"></property>
> >> </accessPolicyProvider>
> >>     <authorizer>
> >>         <identifier>managed-authorizer</identifier>
> >>
>  <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
> >>         <property name="Access Policy
> Provider">file-access-policy-provider</property>
> >>     </authorizer>
> >> </authorizers>
> >>
> >>
> >>
> >> Users.xml
> >> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> >> <tenants>
> >>     <groups>
> >>         <group identifier="ae4a4221-016c-1000-a933-2243c2e28888"
> name="admin">
> >>             <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
> >>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
> >>         </group>
> >>         <group identifier="ae4a9755-016c-1000-4425-4df789a817eb"
> name="readonly">
> >>             <user identifier="ae4fba22-016c-1000-de8b-579daa5f7a5f"/>
> >>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
> >>         </group>
> >>     </groups>
> >>     <users>
> >>         <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"
> identity="dweep.sharma@dummy.com"/>
> >>     </users>
> >> </tenants>
> >>
> >>
> >>
> >> Can someone point out what could be wrong. Also if any further info is
> required to diagnose this
> >>
> >> Also, this is hosted on AWS. Is there any way to use ACM as our
> certificate manager?
> >>
> >>
> >>
> >>
> >


Re: Nifi Cluster Untrusted Proxy Error

Posted by Bryan Bende <bb...@gmail.com>.
Please show authorizations.xml, thank you.

Also, you shouldn't really be using wildcard certs -
https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#wildcard_certificates

On Tue, Sep 3, 2019 at 5:32 AM Dweep Sharma <dw...@redbus.com> wrote:
>
> Can someone take a peek at this - what could be wrong? Thanks
>
> -Dweep
>
> On Fri, Aug 30, 2019 at 4:52 PM Dweep Sharma <dw...@redbus.com> wrote:
>>
>> Hi All,
>>
>> I am receiving an error while setting up a 2 node cluster (external zk) using Google Auth [OpenID connect]
>>
>> Insufficient Permissions
>> Untrusted proxy CN=*.dummy.com, OU=NIFI
>>
>>
>> We have used nifi toolkit to generate the certificates:
>> ./bin/tls-toolkit.sh standalone -n '*.dummy.com'
>>
>>
>> Details from authorizers and users xml
>>
>> authorizers.xml:
>> <authorizers>
>> <userGroupProvider>
>>   <identifier>file-user-group-provider</identifier>
>>   <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
>>   <property name="Users File">./conf/users.xml</property>
>>   <property name="Legacy Authorized Users File"></property>
>>
>>   <property name="Initial User Identity 1">vidya.b@dummy.com</property>
>> </userGroupProvider>
>> <accessPolicyProvider>
>>   <identifier>file-access-policy-provider</identifier>
>>   <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>>   <property name="User Group Provider">file-user-group-provider</property>
>>   <property name="Authorizations File">./conf/authorizations.xml</property>
>>   <property name="Initial Admin Identity">vidya.b@dummy.com</property>
>>   <property name="Legacy Authorized Users File"></property>
>>   <property name="Node Identity 1">CN=dpdum1.dummy.com, OU=NIFI</property>
>>   <property name="Node Identity 2">CN=dpdum2.dummy.com, OU=NIFI</property>
>>   <property name="Node Group"></property>
>> </accessPolicyProvider>
>>     <authorizer>
>>         <identifier>managed-authorizer</identifier>
>>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>>         <property name="Access Policy Provider">file-access-policy-provider</property>
>>     </authorizer>
>> </authorizers>
>>
>>
>>
>> Users.xml
>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>> <tenants>
>>     <groups>
>>         <group identifier="ae4a4221-016c-1000-a933-2243c2e28888" name="admin">
>>             <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947"/>
>>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>>         </group>
>>         <group identifier="ae4a9755-016c-1000-4425-4df789a817eb" name="readonly">
>>             <user identifier="ae4fba22-016c-1000-de8b-579daa5f7a5f"/>
>>             <user identifier="bcdd9a36-5b3d-3158-b48b-7fc6ec71b436"/>
>>         </group>
>>     </groups>
>>     <users>
>>         <user identifier="ae4b298b-016c-1000-ed39-d2066a60f947" identity="dweep.sharma@dummy.com"/>
>>     </users>
>> </tenants>
>>
>>
>>
>> Can someone point out what could be wrong. Also if any further info is required to diagnose this
>>
>> Also, this is hosted on AWS. Is there any way to use ACM as our certificate manager?
>>
>>
>>
>>
>