[ https://issues.apache.org/jira/browse/NIFI-11409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
macdoor615 updated NIFI-11409: ------------------------------ Attachment: (was: image-2023-04-13-14-10-09-263.png) > OIDC Token Revocation Error on Logout > ------------------------------------- > > Key: NIFI-11409 > URL: https://issues.apache.org/jira/browse/NIFI-11409 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework > Affects Versions: 1.21.0 > Environment: NiFi 1.21.0 cluster with 4 nodes > openjdk version "11.0.18" 2023-01-17 LTS > OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build > 11.0.18+10-LTS) > OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build > 11.0.18+10-LTS, mixed mode, sharing) > Linux hb3-ifz-bridge-004 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 > 16:21:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux > Keycloak 20.0.2 > Reporter: macdoor615 > Assignee: David Handermann > Priority: Major > Attachments: 截屏2023-04-08 12.40.30.png, 截屏2023-04-09 13.17.25.png, > 截屏2023-04-09 13.33.25.png > > > My NiFi 1.21.0 cluster has 4 nodes and using oidc authentication. > I can log in properly, but when I click logout on webui, I got HTTP ERROR 503. > !截屏2023-04-08 12.40.30.png|width=479,height=179! > I also find 503 in nifi-request.log > > {code:java} > 10.12.69.33 - - [08/Apr/2023:04:24:13 +0000] "GET > /nifi-api/access/oidc/logout HTTP/1.1" 503 425 > "https://36.138.166.203:18088/nifi/" "Mozilla/5.0 (Macintosh; Intel Mac OS X > 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 > Safari/605.1.15"{code} > > and WARNs in nifi-user.log, 36.133.55.100 is load balance's external IP. It > can not be accessed in intra net. > > {code:java} > 2023-04-08 12:24:43,511 WARN [NiFi Web Server-59] > o.a.n.w.s.o.r.StandardTokenRevocationResponseClient Token Revocation Request > processing failed > org.springframework.web.client.ResourceAccessException: I/O error on POST > request for > "https://36.133.55.100:8943/realms/zznode/protocol/openid-connect/revoke": > connect timed out; nested exception is java.net.SocketTimeoutException: > connect timed out > at > org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791) > at > org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:666) > at > org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getResponseEntity(StandardTokenRevocationResponseClient.java:81) > at > org.apache.nifi.web.security.oidc.revocation.StandardTokenRevocationResponseClient.getRevocationResponse(StandardTokenRevocationResponseClient.java:70) > at > org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processRefreshTokenRevocation(OidcLogoutSuccessHandler.java:181) > at > org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.processLogoutRequest(OidcLogoutSuccessHandler.java:159) > at > org.apache.nifi.web.security.oidc.logout.OidcLogoutSuccessHandler.onLogoutSuccess(OidcLogoutSuccessHandler.java:127) > at > org.apache.nifi.web.security.logout.StandardLogoutFilter.doFilterInternal(StandardLogoutFilter.java:62) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) > at > org.apache.nifi.web.security.csrf.SkipReplicatedCsrfFilter.doFilterInternal(SkipReplicatedCsrfFilter.java:59) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) > at > org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) > at > org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) > at > org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46) > at > org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:487) > at > org.apache.nifi.web.server.filter.DataTransferExcludedDoSFilter.doFilterChain(DataTransferExcludedDoSFilter.java:51) > at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:336) > at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:301) > at > org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) > at > org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) > at > org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > at > org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) > at > org.apache.nifi.web.server.log.RequestAuthenticationFilter.doFilterInternal(RequestAuthenticationFilter.java:59) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > at > org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:772) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) > at > org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at org.eclipse.jetty.server.Server.handle(Server.java:516) > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487) > at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479) > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555) > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410) > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) > at > org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) > at java.base/java.lang.Thread.run(Thread.java:829) > Caused by: java.net.SocketTimeoutException: connect timed out > at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412) > at > java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255) > at > java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237) > at > java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) > at java.base/java.net.Socket.connect(Socket.java:609) > at okhttp3.internal.platform.Platform.connectSocket(Platform.kt:128) > at > okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.kt:295) > at > okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:207) > at > okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) > at > okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) > at > okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) > at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) > at > okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) > at > okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) > at > okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) > at > okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) > at > okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) > at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) > at > org.springframework.http.client.OkHttp3ClientHttpRequest.executeInternal(OkHttp3ClientHttpRequest.java:73) > at > org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) > at > org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) > at > org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:782) > ... 78 common frames omitted 2023-04-08 12:24:43,512 INFO [NiFi Web > Server-59] o.a.n.w.s.o.l.OidcLogoutSuccessHandler Identity > [xiaoxiong.d...@gumhb3.com] OIDC Refresh Token Revocation completed [HTTP 500] > {code} > I can logout properly on my standalone NiFi with the same oidc service and > the same network config -- This message was sent by Atlassian Jira (v8.20.10#820010)