Github user ijokarumawak commented on a diff in the pull request: https://github.com/apache/nifi/pull/3109#discussion_r228061483 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java --- @@ -130,17 +130,14 @@ public void receiveFlowFiles(final Socket socket) throws IOException { final Set<String> certIdentities; try { certIdentities = getCertificateIdentities(sslSession); - - final String dn = CertificateUtils.extractPeerDNFromSSLSocket(socket); - peerDescription = CertificateUtils.extractUsername(dn); } catch (final CertificateException e) { throw new IOException("Failed to extract Client Certificate", e); } logger.debug("Connection received from peer {}. Will perform authorization against Client Identities '{}'", peerDescription, certIdentities); - authorizer.authorize(certIdentities); + peerDescription = authorizer.authorize(certIdentities); --- End diff -- Although the commit message says "Use Node Identifier's node address instead of getting from socket for RECEIVE prov events", we still uses the `nodename` for RECEIVE provenance events [1] that is derived from `socket.getInetAddress().getHostName()` [2]. I wonder if you intended to use this peerDescription instead. Thoughts? 1. https://github.com/apache/nifi/blob/c5e79da4449db81119ab898f15ab7c2aa64b9c91/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java#L343 2. https://github.com/apache/nifi/blob/c5e79da4449db81119ab898f15ab7c2aa64b9c91/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java#L155
---