[cetic/nifi] OIDC Untrusted proxy CN=localhost, OU=NIFI
Hello,
I’m trying to use OIDC with this chart and keep failing, getting the error Untrusted proxy CN=localhost, OU=NIFI after a successful login in Keycloak.
I noticed that when I use helm template nifi-dev .
it spills this:
OBS: I removed all the <!-- --> for better visualization
# Source: nifi/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nifi-dev-nifi-config
  labels:
    app: "nifi"
    chart: "nifi-1.0.6"
    release: "nifi-dev"
    heritage: "Helm"
data:
  authorizers.xml: |
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <authorizers>
        <userGroupProvider>
            <identifier>file-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
            <property name="Users File">./auth-conf/users.xml</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Initial User Identity 0">CN=nifi-dev-0.nifi-dev-headless.default.svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity admin">CN=admin, OU=NIFI</property>
        </userGroupProvider>
        <accessPolicyProvider>
            <identifier>file-access-policy-provider</identifier>
            <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
            <property name="User Group Provider">file-user-group-provider</property>
            <property name="Authorizations File">./auth-conf/authorizations.xml</property>
            <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Node Identity 0">CN=nifi-dev-0.nifi-dev-headless.default.svc.cluster.local, OU=NIFI</property>
        </accessPolicyProvider>
        <authorizer>
            <identifier>managed-authorizer</identifier>
            <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
            <property name="Access Policy Provider">file-access-policy-provider</property>
        </authorizer>
    </authorizers>
But after I deploy the chart, enter the pod, enter the container “server” and finally cat /conf/authorizers.xml, it prints this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"/>
        <property name="Initial User Identity 1">admin@test.com</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">admin@test.com</property>
        <property name="Legacy Authorized Users File"/>
        <property name="Node Identity 1"/>
        <property name="Node Group"/>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>
I can’t seem to figure it out, would appreciate any help.
Thanks, Yann
Issue Analytics
- State:
- Created a year ago
- Comments:8 (3 by maintainers)
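A quick check for the mismatch described in the issue, as an added example that is not part of the original issue or of the cetic/nifi chart: it parses an authorizers.xml and reports whether the DN from the "Untrusted proxy" error is seeded as a user and as a node identity. The function names are hypothetical, the sample is the deployed file from the post trimmed to the relevant properties, and identities are compared as exact strings (an assumption; no identity mapping is applied).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the deployed /conf/authorizers.xml from the post,
# trimmed to the properties that matter for the proxy check.
DEPLOYED = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Initial User Identity 1">admin@test.com</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="Initial Admin Identity">admin@test.com</property>
    <property name="Node Identity 1"/>
    <property name="Node Group"/>
  </accessPolicyProvider>
</authorizers>"""


def seeded(xml_text, section, prefix):
    """Non-empty values of <property> elements under `section` whose name starts with `prefix`."""
    root = ET.fromstring(xml_text)
    values = set()
    for prop in root.findall(f"./{section}/property"):
        text = (prop.text or "").strip()
        if prop.get("name", "").startswith(prefix) and text:
            values.add(text)
    return values


def proxy_gaps(xml_text, proxy_dn):
    """Return the places where proxy_dn is not seeded (exact string comparison)."""
    gaps = []
    if proxy_dn not in seeded(xml_text, "userGroupProvider", "Initial User Identity"):
        gaps.append("userGroupProvider: no Initial User Identity for " + proxy_dn)
    if proxy_dn not in seeded(xml_text, "accessPolicyProvider", "Node Identity"):
        gaps.append("accessPolicyProvider: no Node Identity for " + proxy_dn)
    return gaps


if __name__ == "__main__":
    # DN taken from the "Untrusted proxy" error message in the post.
    for gap in proxy_gaps(DEPLOYED, "CN=localhost, OU=NIFI"):
        print(gap)
```

The file-based providers only seed users.xml and authorizations.xml when those files do not exist yet, so on an instance that is already initialized the proxy permission has to be granted through policies instead.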
Top GitHub Comments
@wknickless haha, that’s amazing. I’ve never used Nifi before and took an assignment to migrate everything (and update the Nifi version) to GKE in GCP. Been going crazy with all the new stuff that’s been happening and thank you very much for your work, you did an incredible job. What was happening was exactly policies, been sniffing around and been doing just fine after giving correct permissions. I thank you again, you did so great! I guess it’s enough to close this issue.
@wknickless Thank you for your response, I will pull your PR and provide feedback.