[cetic/nifi] OIDC Untrusted proxy CN=localhost, OU=NIFI


Hello,

I’m trying to use OIDC with this chart and have been failing, getting the error Untrusted proxy CN=localhost, OU=NIFI after a successful login in Keycloak.

I noticed that when I use helm template nifi-dev . it spills this (OBS: I removed all the <!-- --> for better visualization):

# Source: nifi/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nifi-dev-nifi-config
  labels:
    app: "nifi"
    chart: "nifi-1.0.6"
    release: "nifi-dev"
    heritage: "Helm"
data:
  authorizers.xml: |
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <authorizers>

        <userGroupProvider>
            <identifier>file-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
            <property name="Users File">./auth-conf/users.xml</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Initial User Identity 0">CN=nifi-dev-0.nifi-dev-headless.default.svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity admin">CN=admin, OU=NIFI</property>
        </userGroupProvider>
        
        <accessPolicyProvider>
            <identifier>file-access-policy-provider</identifier>
            <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
            <property name="User Group Provider">file-user-group-provider</property>
            <property name="Authorizations File">./auth-conf/authorizations.xml</property>
            <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Node Identity 0">CN=nifi-dev-0.nifi-dev-headless.default.svc.cluster.local, OU=NIFI</property>
        </accessPolicyProvider>

        <authorizer>
            <identifier>managed-authorizer</identifier>
            <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
            <property name="Access Policy Provider">file-access-policy-provider</property>
        </authorizer>

    </authorizers>

But after I deploy the chart, enter the pod, enter the container “server” and finally cat /conf/authorizers.xml it prints this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<authorizers>

  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
    <property name="Users File">./conf/users.xml</property>
    <property name="Legacy Authorized Users File"/>
    <property name="Initial User Identity 1">admin@test.com</property>
  </userGroupProvider>

  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Initial Admin Identity">admin@test.com</property>
    <property name="Legacy Authorized Users File"/>
    <property name="Node Identity 1"/>
    <property name="Node Group"/>
  </accessPolicyProvider>

  <authorizer>
    <identifier>managed-authorizer</identifier>
    <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
    <property name="Access Policy Provider">file-access-policy-provider</property>
  </authorizer>

</authorizers>

I can’t seem to figure it out, would appreciate any help.

Thanks, Yann
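
The mismatch described above can be checked mechanically. NiFi reports "Untrusted proxy" when the certificate identity that forwarded the request is not authorized to proxy user requests, so the useful comparison is which identities each authorizers.xml actually declares. The following is an added example, not code from the issue or the chart; the samples are constructed by trimming the two files quoted above to their identity properties, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples: identity properties trimmed from the two files in the issue.
RENDERED = """<authorizers>
  <userGroupProvider>
    <property name="Initial User Identity 0">CN=nifi-dev-0.nifi-dev-headless.default.svc.cluster.local, OU=NIFI</property>
    <property name="Initial User Identity admin">CN=admin, OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
    <property name="Node Identity 0">CN=nifi-dev-0.nifi-dev-headless.default.svc.cluster.local, OU=NIFI</property>
  </accessPolicyProvider>
</authorizers>"""

DEPLOYED = """<authorizers>
  <userGroupProvider>
    <property name="Initial User Identity 1">admin@test.com</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <property name="Initial Admin Identity">admin@test.com</property>
    <property name="Node Identity 1"/>
    <property name="Node Group"/>
  </accessPolicyProvider>
</authorizers>"""

PREFIXES = ("Initial User Identity", "Initial Admin Identity", "Node Identity")

def identities(xml_text):
    """Map each provider tag to the set of non-empty identity values it declares."""
    out = {}
    for provider in ET.fromstring(xml_text):
        vals = {(p.text or "").strip() for p in provider.iter("property")
                if p.get("name", "").startswith(PREFIXES)}
        out[provider.tag] = vals - {""}
    return out

def drift(rendered, deployed):
    """Identities present in one file but not the other, per provider."""
    r, d = identities(rendered), identities(deployed)
    return {tag: {"only_rendered": r.get(tag, set()) - d.get(tag, set()),
                  "only_deployed": d.get(tag, set()) - r.get(tag, set())}
            for tag in sorted(set(r) | set(d))}

def is_node_identity(xml_text, dn):
    """True if dn appears as a non-empty Node Identity property value."""
    return any((p.text or "").strip() == dn for p in ET.fromstring(xml_text).iter("property")
               if p.get("name", "").startswith("Node Identity"))

if __name__ == "__main__":
    print(drift(RENDERED, DEPLOYED), is_node_identity(DEPLOYED, "CN=localhost, OU=NIFI"))
```

Run against the deployed file, the DN from the error message is not a declared node identity, and the only identity present is the OIDC admin user.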

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

1 reaction
kyouch commented, May 13, 2022

@wknickless haha, that’s amazing. I’ve never used Nifi before and took an assignment to migrate everything (and update nifi version) to GKE in GCP. Been going crazy with all the new stuff that’s been happening and thank you very much for your work, you did an incredible job. What was happening was exactly policies, been sniffing around and been doing just fine after giving correct permissions. I thank you again, you did so great! I guess it’s enough to close this issue.

1 reaction
kyouch commented, May 13, 2022

@wknickless Thank you for your response, I will pull your PR and provide feedback.
