You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com> on 2020/04/17 10:13:54 UTC
Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Hi ,
I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas nifi 1.9.2 not seeing this issue .
I am using kdc version as 2.2.5
Can anybody help me on this ?
REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id is failed with below error
java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."}
java.lang.IllegalArgumentException: The supplied username and password are not valid.
at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed
... 84 common frames omitted
Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
... 86 common frames omitted
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
.java:59)
... 88 common frames omitted
Caused by: sun.security.krb5.KrbException: Cannot locate KDC
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
... 96 common frames omitted
Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
... 101 common frames omitted
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com>.
Hi ,
Thanks for the info , issue is resolved after changing default_releam param in login-identity-providers.xml .
Thanks & Regards,
Ganesh.B
-----Original Message-----
From: Bryan Bende <bb...@gmail.com>
Sent: Friday, April 17, 2020 11:21 PM
To: dev@nifi.apache.org
Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
In versions prior to 1.10.0, the Default Realm was never used and that was fixed with this JIRA [1].
So if it was working for you before 1.9.2, that means it was working without a Default Realm, so you should probably remove the NIFI.COM from Default Realm.
[1] https://issues.apache.org/jira/browse/NIFI-6224
On Fri, Apr 17, 2020 at 1:48 PM Ganesh, B (Nokia - IN/Bangalore) < b.ganesh@nokia.com> wrote:
> Hi ,
>
> In the file login-identity-providers.xml configuration is mentioned
> below , but in case of Nifi 1.9.2 also it is configured as same .
>
> <provider>
> <identifier>kerberos-provider</identifier>
> <class>org.apache.nifi.kerberos.KerberosProvider</class>
> <property name="Default Realm">NIFI.COM</property>
> <property name="Authentication Expiration">12 hours</property>
> </provider>
>
>
> And below is the complete back trace of the issue .
>
> er java.lang.IllegalArgumentException: The supplied username and
> password are not valid.}. Returning Bad Request} response."}
> java.lang.IllegalArgumentException: The supplied username and password
> are not valid.
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
> at
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
> at
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
> at
> org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51)
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletH
> andler.java:1610)
>
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by:
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> Kerberos authentication failed
> at
> org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125)
> at
> org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315)
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729)
> ... 84 common frames omitted
> Caused by:
> org.springframework.security.authentication.BadCredentialsException:
> Kerberos authentication failed
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
> at
> org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40)
> at
> org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117)
> ... 86 common frames omitted
> Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
> at
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
> at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
> at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
> at
> java.base/java.security.AccessController.doPrivileged(Native
> Method)
> at
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
> at
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:59)
> ... 88 common frames omitted
> Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
> at
> java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:218)
> at
> java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
> at
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:343)
> at
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:447)
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
> ... 96 common frames omitted
> Caused by: sun.security.krb5.KrbException: Generic error (description
> in
> e-text) (60) - Unable to locate KDC for realm NIFI.COM
> at
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> ... 101 common frames omitted
>
>
> Thanks & Regards,
> Ganesh.B
> -----Original Message-----
> From: Bryan Bende <bb...@gmail.com>
> Sent: Friday, April 17, 2020 8:53 PM
> To: dev@nifi.apache.org
> Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
>
> Check your Default Realm in login-identity-providers.xml
>
> On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks
> <sw...@weeksconsulting.us>
> wrote:
>
> > For some reason NiFi is trying to use the realm NIFI.COM. I'd search
> > through your config files and your Kerberos Credential Service and
> > see where that's coming from.
> >
> > Thanks
> >
> > On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> > b.ganesh@nokia.com> wrote:
> >
> > Hi ,
> >
> > no ,
> > default_realm = NOKIA.COM
> >
> >
> >
> > -----Original Message-----
> > From: Shawn Weeks <sw...@weeksconsulting.us>
> > Sent: Friday, April 17, 2020 5:43 PM
> > To: dev@nifi.apache.org
> > Subject: Re: Nifi with kerberos(kdc) is not working in Nifi
> > 1.11.4
> >
> > Can you verify that your KDC Realm is really NIFI.COM and that
> > it's defined in /etc/krb5.conf?
> >
> > Thanks
> > Shawn
> >
> > On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> > b.ganesh@nokia.com> wrote:
> >
> > Hi ,
> >
> > I am facing issue with Nifi 1.11.4 in Kerberos mode ,
> > whereas nifi 1.9.2 not seeing this issue .
> > I am using kdc version as 2.2.5
> >
> > Can anybody help me on this ?
> >
> > REST call to
> > 'https://10.75.156.102:30088/nifi-api/flow/client-id
> > is failed with below error
> >
> > java.lang.IllegalArgumentException: The supplied username
> > and password are not valid.}. Returning Bad Request} response."}
> > java.lang.IllegalArgumentException: The supplied username
> > and password are not valid.
> > at
> >
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResourc
> e.java:735)
> > at
> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Nati
> > ve
> > Method)
> > at java.base/java.lang.Thread.run(Thread.java:834)
> > Caused by:
> >
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> > Kerberos authentication failed
> > ... 84 common frames omitted
> > Caused by:
> > org.springframework.security.authentication.BadCredentialsException:
> > Kerberos authentication failed
> > at
> >
> org.springframework.security.kerberos.authentication.sun.SunJaasKerber
> osClient.login(SunJaasKerberosClient.java:66)
> > ... 86 common frames omitted
> > Caused by: javax.security.auth.login.LoginException: Cannot
> > locate KDC
> > at
> >
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attempt
> Authentication(Krb5LoginModule.java:782)
> > .java:59)
> > ... 88 common frames omitted
> > Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> > at
> > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1
> > 25
> > 9)
> >
> > at
> >
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attempt
> Authentication(Krb5LoginModule.java:744)
> > ... 96 common frames omitted
> > Caused by: sun.security.krb5.KrbException: Generic error
> > (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
> > at
> >
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:
> 1356)
> > at
> > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> > ... 101 common frames omitted
> >
> >
> >
> >
> >
> >
> >
> >
>
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com>.
Hi ,
Thanks a lot , I will test and post the result .
Thanks & Regards,
Ganesh.B
-----Original Message-----
From: Bryan Bende <bb...@gmail.com>
Sent: Friday, April 17, 2020 11:21 PM
To: dev@nifi.apache.org
Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
In versions prior to 1.10.0, the Default Realm was never used and that was fixed with this JIRA [1].
So if it was working for you before 1.9.2, that means it was working without a Default Realm, so you should probably remove the NIFI.COM from Default Realm.
[1] https://issues.apache.org/jira/browse/NIFI-6224
On Fri, Apr 17, 2020 at 1:48 PM Ganesh, B (Nokia - IN/Bangalore) < b.ganesh@nokia.com> wrote:
> Hi ,
>
> In the file login-identity-providers.xml configuration is mentioned
> below , but in case of Nifi 1.9.2 also it is configured as same .
>
> <provider>
> <identifier>kerberos-provider</identifier>
> <class>org.apache.nifi.kerberos.KerberosProvider</class>
> <property name="Default Realm">NIFI.COM</property>
> <property name="Authentication Expiration">12 hours</property>
> </provider>
>
>
> And below is the complete back trace of the issue .
>
> er java.lang.IllegalArgumentException: The supplied username and
> password are not valid.}. Returning Bad Request} response."}
> java.lang.IllegalArgumentException: The supplied username and password
> are not valid.
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
> at
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
> at
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
> at
> org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51)
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletH
> andler.java:1610)
>
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by:
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> Kerberos authentication failed
> at
> org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125)
> at
> org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315)
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729)
> ... 84 common frames omitted
> Caused by:
> org.springframework.security.authentication.BadCredentialsException:
> Kerberos authentication failed
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
> at
> org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40)
> at
> org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117)
> ... 86 common frames omitted
> Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
> at
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
> at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
> at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
> at
> java.base/java.security.AccessController.doPrivileged(Native
> Method)
> at
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
> at
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:59)
> ... 88 common frames omitted
> Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
> at
> java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:218)
> at
> java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
> at
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:343)
> at
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:447)
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
> ... 96 common frames omitted
> Caused by: sun.security.krb5.KrbException: Generic error (description
> in
> e-text) (60) - Unable to locate KDC for realm NIFI.COM
> at
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> ... 101 common frames omitted
>
>
> Thanks & Regards,
> Ganesh.B
> -----Original Message-----
> From: Bryan Bende <bb...@gmail.com>
> Sent: Friday, April 17, 2020 8:53 PM
> To: dev@nifi.apache.org
> Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
>
> Check your Default Realm in login-identity-providers.xml
>
> On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks
> <sw...@weeksconsulting.us>
> wrote:
>
> > For some reason NiFi is trying to use the realm NIFI.COM. I'd search
> > through your config files and your Kerberos Credential Service and
> > see where that's coming from.
> >
> > Thanks
> >
> > On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> > b.ganesh@nokia.com> wrote:
> >
> > Hi ,
> >
> > no ,
> > default_realm = NOKIA.COM
> >
> >
> >
> > -----Original Message-----
> > From: Shawn Weeks <sw...@weeksconsulting.us>
> > Sent: Friday, April 17, 2020 5:43 PM
> > To: dev@nifi.apache.org
> > Subject: Re: Nifi with kerberos(kdc) is not working in Nifi
> > 1.11.4
> >
> > Can you verify that your KDC Realm is really NIFI.COM and that
> > it's defined in /etc/krb5.conf?
> >
> > Thanks
> > Shawn
> >
> > On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> > b.ganesh@nokia.com> wrote:
> >
> > Hi ,
> >
> > I am facing issue with Nifi 1.11.4 in Kerberos mode ,
> > whereas nifi 1.9.2 not seeing this issue .
> > I am using kdc version as 2.2.5
> >
> > Can anybody help me on this ?
> >
> > REST call to
> > 'https://10.75.156.102:30088/nifi-api/flow/client-id
> > is failed with below error
> >
> > java.lang.IllegalArgumentException: The supplied username
> > and password are not valid.}. Returning Bad Request} response."}
> > java.lang.IllegalArgumentException: The supplied username
> > and password are not valid.
> > at
> >
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResourc
> e.java:735)
> > at
> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Nati
> > ve
> > Method)
> > at java.base/java.lang.Thread.run(Thread.java:834)
> > Caused by:
> >
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> > Kerberos authentication failed
> > ... 84 common frames omitted
> > Caused by:
> > org.springframework.security.authentication.BadCredentialsException:
> > Kerberos authentication failed
> > at
> >
> org.springframework.security.kerberos.authentication.sun.SunJaasKerber
> osClient.login(SunJaasKerberosClient.java:66)
> > ... 86 common frames omitted
> > Caused by: javax.security.auth.login.LoginException: Cannot
> > locate KDC
> > at
> >
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attempt
> Authentication(Krb5LoginModule.java:782)
> > .java:59)
> > ... 88 common frames omitted
> > Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> > at
> > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1
> > 25
> > 9)
> >
> > at
> >
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attempt
> Authentication(Krb5LoginModule.java:744)
> > ... 96 common frames omitted
> > Caused by: sun.security.krb5.KrbException: Generic error
> > (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
> > at
> >
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:
> 1356)
> > at
> > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> > ... 101 common frames omitted
> >
> >
> >
> >
> >
> >
> >
> >
>
Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by Bryan Bende <bb...@gmail.com>.
In versions prior to 1.10.0, the Default Realm was never used and that was
fixed with this JIRA [1].
So if it was working for you before 1.9.2, that means it was working
without a Default Realm, so you should probably remove the NIFI.COM from
Default Realm.
[1] https://issues.apache.org/jira/browse/NIFI-6224
On Fri, Apr 17, 2020 at 1:48 PM Ganesh, B (Nokia - IN/Bangalore) <
b.ganesh@nokia.com> wrote:
> Hi ,
>
> In the file login-identity-providers.xml configuration is mentioned below
> , but in case of Nifi 1.9.2 also it is configured as same .
>
> <provider>
> <identifier>kerberos-provider</identifier>
> <class>org.apache.nifi.kerberos.KerberosProvider</class>
> <property name="Default Realm">NIFI.COM</property>
> <property name="Authentication Expiration">12 hours</property>
> </provider>
>
>
> And below is the complete back trace of the issue .
>
> er java.lang.IllegalArgumentException: The supplied username and password
> are not valid.}. Returning Bad Request} response."}
> java.lang.IllegalArgumentException: The supplied username and password are
> not valid.
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
> at
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
> at
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
> at
> org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51)
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
>
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by:
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> Kerberos authentication failed
> at
> org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125)
> at
> org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315)
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729)
> ... 84 common frames omitted
> Caused by:
> org.springframework.security.authentication.BadCredentialsException:
> Kerberos authentication failed
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
> at
> org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40)
> at
> org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117)
> ... 86 common frames omitted
> Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
> at
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
> at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
> at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
> at java.base/java.security.AccessController.doPrivileged(Native
> Method)
> at
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
> at
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:59)
> ... 88 common frames omitted
> Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
> at
> java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:218)
> at
> java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
> at
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:343)
> at
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:447)
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
> ... 96 common frames omitted
> Caused by: sun.security.krb5.KrbException: Generic error (description in
> e-text) (60) - Unable to locate KDC for realm NIFI.COM
> at
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> ... 101 common frames omitted
>
>
> Thanks & Regards,
> Ganesh.B
> -----Original Message-----
> From: Bryan Bende <bb...@gmail.com>
> Sent: Friday, April 17, 2020 8:53 PM
> To: dev@nifi.apache.org
> Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
>
> Check your Default Realm in login-identity-providers.xml
>
> On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks <sw...@weeksconsulting.us>
> wrote:
>
> > For some reason NiFi is trying to use the realm NIFI.COM. I'd search
> > through your config files and your Kerberos Credential Service and see
> > where that's coming from.
> >
> > Thanks
> >
> > On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> > b.ganesh@nokia.com> wrote:
> >
> > Hi ,
> >
> > no ,
> > default_realm = NOKIA.COM
> >
> >
> >
> > -----Original Message-----
> > From: Shawn Weeks <sw...@weeksconsulting.us>
> > Sent: Friday, April 17, 2020 5:43 PM
> > To: dev@nifi.apache.org
> > Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
> >
> > Can you verify that your KDC Realm is really NIFI.COM and that
> > it's defined in /etc/krb5.conf?
> >
> > Thanks
> > Shawn
> >
> > On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> > b.ganesh@nokia.com> wrote:
> >
> > Hi ,
> >
> > I am facing issue with Nifi 1.11.4 in Kerberos mode ,
> > whereas nifi 1.9.2 not seeing this issue .
> > I am using kdc version as 2.2.5
> >
> > Can anybody help me on this ?
> >
> > REST call to
> > 'https://10.75.156.102:30088/nifi-api/flow/client-id
> > is failed with below error
> >
> > java.lang.IllegalArgumentException: The supplied username and
> > password are not valid.}. Returning Bad Request} response."}
> > java.lang.IllegalArgumentException: The supplied username and
> > password are not valid.
> > at
> >
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
> > at
> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> > Method)
> > at java.base/java.lang.Thread.run(Thread.java:834)
> > Caused by:
> >
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> > Kerberos authentication failed
> > ... 84 common frames omitted
> > Caused by:
> > org.springframework.security.authentication.BadCredentialsException:
> > Kerberos authentication failed
> > at
> >
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
> > ... 86 common frames omitted
> > Caused by: javax.security.auth.login.LoginException: Cannot
> > locate KDC
> > at
> >
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
> > .java:59)
> > ... 88 common frames omitted
> > Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> > at
> > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:125
> > 9)
> >
> > at
> >
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
> > ... 96 common frames omitted
> > Caused by: sun.security.krb5.KrbException: Generic error
> > (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
> > at
> >
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
> > at
> > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> > ... 101 common frames omitted
> >
> >
> >
> >
> >
> >
> >
> >
>
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com>.
Hi ,
In the file login-identity-providers.xml configuration is mentioned below , but in case of Nifi 1.9.2 also it is configured as same .
<provider>
<identifier>kerberos-provider</identifier>
<class>org.apache.nifi.kerberos.KerberosProvider</class>
<property name="Default Realm">NIFI.COM</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
And below is the complete back trace of the issue .
er java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."}
java.lang.IllegalArgumentException: The supplied username and password are not valid.
at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
at
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed
at org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125)
at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315)
at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729)
... 84 common frames omitted
Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
at org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40)
at org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117)
... 86 common frames omitted
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:59)
... 88 common frames omitted
Caused by: sun.security.krb5.KrbException: Cannot locate KDC
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:218)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:343)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:447)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
... 96 common frames omitted
Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
... 101 common frames omitted
Thanks & Regards,
Ganesh.B
-----Original Message-----
From: Bryan Bende <bb...@gmail.com>
Sent: Friday, April 17, 2020 8:53 PM
To: dev@nifi.apache.org
Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Check your Default Realm in login-identity-providers.xml
On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks <sw...@weeksconsulting.us>
wrote:
> For some reason NiFi is trying to use the realm NIFI.COM. I'd search
> through your config files and your Kerberos Credential Service and see
> where that's coming from.
>
> Thanks
>
> On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> b.ganesh@nokia.com> wrote:
>
> Hi ,
>
> no ,
> default_realm = NOKIA.COM
>
>
>
> -----Original Message-----
> From: Shawn Weeks <sw...@weeksconsulting.us>
> Sent: Friday, April 17, 2020 5:43 PM
> To: dev@nifi.apache.org
> Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
>
> Can you verify that your KDC Realm is really NIFI.COM and that
> it's defined in /etc/krb5.conf?
>
> Thanks
> Shawn
>
> On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> b.ganesh@nokia.com> wrote:
>
> Hi ,
>
> I am facing issue with Nifi 1.11.4 in Kerberos mode ,
> whereas nifi 1.9.2 not seeing this issue .
> I am using kdc version as 2.2.5
>
> Can anybody help me on this ?
>
> REST call to
> 'https://10.75.156.102:30088/nifi-api/flow/client-id
> is failed with below error
>
> java.lang.IllegalArgumentException: The supplied username and
> password are not valid.}. Returning Bad Request} response."}
> java.lang.IllegalArgumentException: The supplied username and
> password are not valid.
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by:
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> Kerberos authentication failed
> ... 84 common frames omitted
> Caused by:
> org.springframework.security.authentication.BadCredentialsException:
> Kerberos authentication failed
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
> ... 86 common frames omitted
> Caused by: javax.security.auth.login.LoginException: Cannot
> locate KDC
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
> .java:59)
> ... 88 common frames omitted
> Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:125
> 9)
>
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
> ... 96 common frames omitted
> Caused by: sun.security.krb5.KrbException: Generic error
> (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
> at
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> ... 101 common frames omitted
>
>
>
>
>
>
>
>
Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by Bryan Bende <bb...@gmail.com>.
Check your Default Realm in login-identity-providers.xml
On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks <sw...@weeksconsulting.us>
wrote:
> For some reason NiFi is trying to use the realm NIFI.COM. I'd search
> through your config files and your Kerberos Credential Service and see
> where that's coming from.
>
> Thanks
>
> On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> b.ganesh@nokia.com> wrote:
>
> Hi ,
>
> no ,
> default_realm = NOKIA.COM
>
>
>
> -----Original Message-----
> From: Shawn Weeks <sw...@weeksconsulting.us>
> Sent: Friday, April 17, 2020 5:43 PM
> To: dev@nifi.apache.org
> Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
>
> Can you verify that your KDC Realm is really NIFI.COM and that it's
> defined in /etc/krb5.conf?
>
> Thanks
> Shawn
>
> On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <
> b.ganesh@nokia.com> wrote:
>
> Hi ,
>
> I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas
> nifi 1.9.2 not seeing this issue .
> I am using kdc version as 2.2.5
>
> Can anybody help me on this ?
>
> REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id
> is failed with below error
>
> java.lang.IllegalArgumentException: The supplied username and
> password are not valid.}. Returning Bad Request} response."}
> java.lang.IllegalArgumentException: The supplied username and
> password are not valid.
> at
> org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by:
> org.apache.nifi.authentication.exception.InvalidLoginCredentialsException:
> Kerberos authentication failed
> ... 84 common frames omitted
> Caused by:
> org.springframework.security.authentication.BadCredentialsException:
> Kerberos authentication failed
> at
> org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
> ... 86 common frames omitted
> Caused by: javax.security.auth.login.LoginException: Cannot locate
> KDC
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
> .java:59)
> ... 88 common frames omitted
> Caused by: sun.security.krb5.KrbException: Cannot locate KDC
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
>
> at
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
> ... 96 common frames omitted
> Caused by: sun.security.krb5.KrbException: Generic error
> (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
> at
> java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
> at
> java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
> ... 101 common frames omitted
>
>
>
>
>
>
>
>
Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by Shawn Weeks <sw...@weeksconsulting.us>.
For some reason NiFi is trying to use the realm NIFI.COM. I'd search through your config files and your Kerberos Credential Service and see where that's coming from.
Thanks
On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com> wrote:
Hi ,
no ,
default_realm = NOKIA.COM
-----Original Message-----
From: Shawn Weeks <sw...@weeksconsulting.us>
Sent: Friday, April 17, 2020 5:43 PM
To: dev@nifi.apache.org
Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Can you verify that your KDC Realm is really NIFI.COM and that it's defined in /etc/krb5.conf?
Thanks
Shawn
On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com> wrote:
Hi ,
I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas nifi 1.9.2 not seeing this issue .
I am using kdc version as 2.2.5
Can anybody help me on this ?
REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id is failed with below error
java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."}
java.lang.IllegalArgumentException: The supplied username and password are not valid.
at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed
... 84 common frames omitted
Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
... 86 common frames omitted
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
.java:59)
... 88 common frames omitted
Caused by: sun.security.krb5.KrbException: Cannot locate KDC
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
... 96 common frames omitted
Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
... 101 common frames omitted
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com>.
Hi ,
no ,
default_realm = NOKIA.COM
-----Original Message-----
From: Shawn Weeks <sw...@weeksconsulting.us>
Sent: Friday, April 17, 2020 5:43 PM
To: dev@nifi.apache.org
Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Can you verify that your KDC Realm is really NIFI.COM and that it's defined in /etc/krb5.conf?
Thanks
Shawn
On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com> wrote:
Hi ,
I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas nifi 1.9.2 not seeing this issue .
I am using kdc version as 2.2.5
Can anybody help me on this ?
REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id is failed with below error
java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."}
java.lang.IllegalArgumentException: The supplied username and password are not valid.
at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed
... 84 common frames omitted
Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
... 86 common frames omitted
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
.java:59)
... 88 common frames omitted
Caused by: sun.security.krb5.KrbException: Cannot locate KDC
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
... 96 common frames omitted
Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
... 101 common frames omitted
Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Posted by Shawn Weeks <sw...@weeksconsulting.us>.
Can you verify that your KDC Realm is really NIFI.COM and that it's defined in /etc/krb5.conf?
Thanks
Shawn
On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com> wrote:
Hi ,
I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas nifi 1.9.2 not seeing this issue .
I am using kdc version as 2.2.5
Can anybody help me on this ?
REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id is failed with below error
java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."}
java.lang.IllegalArgumentException: The supplied username and password are not valid.
at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed
... 84 common frames omitted
Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66)
... 86 common frames omitted
Caused by: javax.security.auth.login.LoginException: Cannot locate KDC
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782)
.java:59)
... 88 common frames omitted
Caused by: sun.security.krb5.KrbException: Cannot locate KDC
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744)
... 96 common frames omitted
Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM
at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356)
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232)
... 101 common frames omitted