Hi, Can you make sure the host where NiFi is running has its time correctly sync'ed (with systems like TLSdate or NTP)? Sounds like there is a time difference between the NiFi host server and the server issuing the token.
Thanks, Pierre Le ven. 29 mai 2020 à 18:54, Ashutosh Kumar (Group) <ashutosh.kum...@global.ntt> a écrit : > Hello Experts, > > > > I am new to Apache NiFi and running 1.4.11. > > > > Wanted to set up NiFI SSL and authenticate user whoever is accessing this. > > > > I have spent almost 2 weeks but I am not able to achieve this. The > documentation and online help is also not helping me. > > Wrote to multiple forums but no answers. > > > > Request you to please provide some guide or documentation so that I could > succeed in this. > > > > Attaching my nifi.properties, authorizers.xml, users.xml and > authrizations.xml for reference. > > > > I am getting below error when trying to authenticate using google OpenID. > > > > Please , please have a look and suggest what I am doing wrong. > > > > Thanks and Regards, > > Ashutosh > > > > > > 2020-05-29 12:21:40,514 INFO [NiFi Web Server-17] > o.a.n.w.a.c.AccessDeniedExceptionMapper identity[anonymous], groups[none] > does not have permission to access the requested resource. Unknown user > with identity 'anonymous'. Returning Unauthorized response. > > 2020-05-29 12:21:42,915 ERROR [NiFi Web Server-23] > org.apache.nifi.web.api.AccessResource Unable to exchange authorization for > ID token: Unable to parse the response from the Token request: JWT issue > time ahead of current time > > java.lang.RuntimeException: Unable to parse the response from the Token > request: JWT issue time ahead of current time > > at > org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.exchangeAuthorizationCode(StandardOidcIdentityProvider.java:330) > > at > org.apache.nifi.web.security.oidc.OidcService.exchangeAuthorizationCode(OidcService.java:201) > > at > org.apache.nifi.web.api.AccessResource.oidcCallback(AccessResource.java:257) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at > org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76) > > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148) > > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191) > > at > org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:183) > > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103) > > at > org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493) > > at > org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415) > > at > org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104) > > at > org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277) > > at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272) > > at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268) > > at org.glassfish.jersey.internal.Errors.process(Errors.java:316) > > at org.glassfish.jersey.internal.Errors.process(Errors.java:298) > > at org.glassfish.jersey.internal.Errors.process(Errors.java:268) > > at > org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289) > > at > org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256) > > at > org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703) > > at > org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416) > > at > org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370) > > at > org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389) > > at > org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342) > > at > org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229) > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:876) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) > > at > org.apache.nifi.web.filter.RequestLogger.doFilter(RequestLogger.java:66) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208) > > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) > > at > org.apache.nifi.web.security.headers.StrictTransportSecurityFilter.doFilter(StrictTransportSecurityFilter.java:48) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.apache.nifi.web.security.headers.XSSProtectionFilter.doFilter(XSSProtectionFilter.java:48) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:47) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.apache.nifi.web.security.headers.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:48) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) > > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) > > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1711) > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1347) > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) > > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1678) > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1249) > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) > > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:753) > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) > > at > org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:61) > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) > > at org.eclipse.jetty.server.Server.handle(Server.java:505) > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427) > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321) > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159) > > Ashutosh > > > > > > This email and all contents are subject to the following disclaimer: > https://hello.global.ntt/en-us/email-disclaimer > <https://hello.global.ntt/en-us/email-disclaimer.aspx> >
