Hi Ricky, I checked out nifi-0.6.1 and built on my system, then deployed with a Kerberos configuration and a KDC running in Vagrant and everything worked fine. Was able to run kinit on the command line of the client machine, and then opening Safari established a session using my Kerberos principal immediately. I looked at your app log, and it appears it might be a file permission/existence issue. I admit the error could be more helpful — it’s unclear as to whether it’s an IO problem or an XML problem or a Spring problem. Can you please verify that the authority-providers.xml file exists in the correct location, has the correct access permissions, and is well-formed XML? I’ve published my nifi.properties [1], authority-providers.xml [2], authorized-users.xml [3], and login-identity-provider.xml [4] files as gists as well for comparison.
In the nifi.properties, note lines 142 & 143, as they define the references to the authority and login identity providers, and lines 187 & 189, as they define the Kerberos properties. From your nifi-app.log: 2016-05-12 14:14:04,468 ERROR [main] o.s.web.context.ContextLoader Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'userDetailsService' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'userService' while setting bean property 'userService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'userService' defined in class path resource [nifi-administration-context.xml]: Cannot resolve reference to bean 'userTransactionBuilder' while setting bean property 'transactionBuilder'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'userTransactionBuilder' defined in class path resource [nifi-administration-context.xml]: Cannot resolve reference to bean 'authorityProvider' while setting bean property 'authorityProvider'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorityProvider': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: Unable to load the authority provider configuration file at: /private/tmp/nifi-0.6.1/./conf/authority-providers.xml [1] https://gist.github.com/alopresto/dfad48f55780fee3d0d62b7a0169f2d7 <https://gist.github.com/alopresto/dfad48f55780fee3d0d62b7a0169f2d7> [2] https://gist.github.com/alopresto/b3bd36676ff72351e641df6869bc1b84 <https://gist.github.com/alopresto/b3bd36676ff72351e641df6869bc1b84> [3] https://gist.github.com/alopresto/e6bca539876fe4324f49e4996f41c91a <https://gist.github.com/alopresto/e6bca539876fe4324f49e4996f41c91a> [4] https://gist.github.com/alopresto/06938e4d0ccdf2168fe0fc6158780a56 <https://gist.github.com/alopresto/06938e4d0ccdf2168fe0fc6158780a56> Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On May 13, 2016, at 4:05 PM, Ricky Saltzer <ri...@cloudera.com> wrote: > > Right on! I appreciate you helping out. Have a good weekend! > > On Fri, May 13, 2016 at 3:59 PM, Andy LoPresto <alopre...@apache.org > <mailto:alopre...@apache.org>> wrote: > >> Thanks Ricky. I’ll set up a demo environment with 0.6.1 and LDAP/Kerberos >> authentication >> locally and see if I can reproduce. Probably get back to you Monday? >> >> Andy LoPresto >> alopre...@apache.org <mailto:alopre...@apache.org> >> *alopresto.apa...@gmail.com <mailto:alopresto.apa...@gmail.com> >> <alopresto.apa...@gmail.com <mailto:alopresto.apa...@gmail.com>>* >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On May 13, 2016, at 1:47 PM, Ricky Saltzer <ri...@cloudera.com> wrote: >> >> Hey Andy - >> >> The full log file, nifi.properties, and authority-providers in the >> following gists. Obviously I've replaced some values in the >> authority-providers with fake data for security reasons. >> >> *Log:* >> >> https://gist.githubusercontent.com/rickysaltzer/a645f18a4b3d8bacd16d57cd093f8997/raw/08f78789b66a4d7094629699af7f408870b2c0da/gistfile1.txt >> >> *Authority: * >> >> https://gist.githubusercontent.com/rickysaltzer/b6db60311ea9e3abb94ac183e1c02a59/raw/a75b348ea9515acf0d7bbe0a936972c9b6cb38fe/gistfile1.txt >> >> *Properties:* >> >> https://gist.githubusercontent.com/rickysaltzer/3b29f430d0d1b6361a7ff097e8fcea6a/raw/28bb328fc01ed5256b41bfb324341c083f6fa354/gistfile1.txt >> >> On Fri, May 13, 2016 at 10:55 AM, Andy LoPresto <alopre...@apache.org> >> wrote: >> >> Hi Ricky, >> >> Can you provide the contents of logs/nifi-app.log as well to see if there >> is anything relevant to this exception? The code where this is failing >> attempts to deserialize the XML into one of a number of classes >> implementing the AuthorityProvider interface via the factory. Are you sure >> the XML is valid and complete, and that the provider identifier is also >> specified in nifi.properties? >> >> Andy LoPresto >> alopre...@apache.org >> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* >> >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On May 12, 2016, at 2:26 PM, Ricky Saltzer <ri...@cloudera.com> wrote: >> >> Using the following provider on 0.6.1, I'm faced with a ClassCastException. >> It might also be worth noting that I face the same exception when >> attempting to us the KerberosProvider option. >> >> *Provider:* >> <provider> >> <identifier>ldap-provider</identifier> >> <class>org.apache.nifi.ldap.LdapProvider</class> >> <property name="Authentication Strategy">SIMPLE</property> >> >> <property name="Manager DN">dethklok\toki</property> >> <property name="Manager Password">bananasticker</property> >> >> <property name="TLS - Keystore"></property> >> <property name="TLS - Keystore Password"></property> >> <property name="TLS - Keystore Type"></property> >> <property name="TLS - Truststore"></property> >> <property name="TLS - Truststore Password"></property> >> <property name="TLS - Truststore Type"></property> >> <property name="TLS - Client Auth"></property> >> <property name="TLS - Protocol"></property> >> <property name="TLS - Shutdown Gracefully"></property> >> >> <property name="Referral Strategy">FOLLOW</property> >> <property name="Connect Timeout">10 secs</property> >> <property name="Read Timeout">10 secs</property> >> >> <property name="Url">ldap://ldap.metalocalypse.com</property> >> <property name="User Search >> Base">CN=Users,DC=metalocalypse,DC=local</property> >> <property name="User Search Filter">foo</property> >> >> <property name="Authentication Expiration">12 hours</property> >> </provider> >> >> *Exception:* >> Caused by: java.lang.ClassCastException: class >> org.apache.nifi.ldap.LdapProvider >> at java.lang.Class.asSubclass(Class.java:3208) ~[na:1.7.0_79] >> at >> >> >> org.apache.nifi.authorization.AuthorityProviderFactoryBean.createAuthorityProvider(AuthorityProviderFactoryBean.java:173) >> ~[na:na] >> at >> >> >> org.apache.nifi.authorization.AuthorityProviderFactoryBean.getObject(AuthorityProviderFactoryBean.java:111) >> ~[na:na] >> at >> >> >> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) >> ~[na:na] >> ... 75 common frames omitted >> >> >> >> >> >> -- >> Ricky Saltzer >> http://www.cloudera.com >> >> >> > > > -- > Ricky Saltzer > http://www.cloudera.com <http://www.cloudera.com/>
signature.asc
Description: Message signed with OpenPGP using GPGMail