Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=ohlvnfiap004dd.oh.dev.dat.aws.vz-connect.net, OU=NIFI to seed policies. This means CN=ohlvnfiap004dd.oh.dev.dat.aws.vz-connect.net, OU=NIFI was put in the Node Identities section in the policy provider, but it wasn't defined as a user in the user group provider. It needs to be listed in both places, same as initial admin. On Thu, Sep 20, 2018 at 6:42 AM nifi-san wrote: > > We have no wild cards in the certificates created.Each node certificate has a > unique CN name same as that of the hostname. > > > > -- > Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
I deleted the authorizations.xml and user.xml files on all the nodes of the cluster and restarted the nodes. The Nifi nodes do not start up and I see the following errors int he logs now:- 2018-09-20 08:20:09,003 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to start web server: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=hostname, OU=NIFI to seed policies. 2018-09-20 08:20:09,003 ERROR [NiFi logging handler] org.apache.nifi.StdErr Shutting down... 2018-09-20 08:20:09,662 INFO [main] org.apache.nifi.bootstrap.RunNiFi A shutdown was initiated. Will not restart NiFi 2018-09-20 08:20:10,291 INFO [main] org.apache.nifi.bootstrap.Command NiFi has finished shutting down. 2018-09-20 08:20:13,739 INFO [main] o.a.n.b.NotificationServiceManager Successfully loaded the following 0 services: [] 2018-09-20 08:20:13,743 INFO [main] org.apache.nifi.bootstrap.RunNiFi Registered no Notification Services for Notification Type NIFI_STARTED 2018-09-20 08:20:13,743 INFO [main] org.apache.nifi.bootstrap.RunNiFi Registered no Notification Services for Notification Type NIFI_STOPPED 2018-09-20 08:20:13,743 INFO [main] org.apache.nifi.bootstrap.RunNiFi Registered no Notification Services for Notification Type NIFI_DIED 2018-09-20 08:20:13,759 INFO [main] org.apache.nifi.bootstrap.Command Starting Apache NiFi... 2018-09-20 08:20:13,760 INFO [main] org.apache.nifi.bootstrap.Command Working Directory: /opt/app/nifi-1.7.1 2018-09-20 08:20:13,760 INFO [main] org.apache.nifi.bootstrap.Command Command: java -classpath /opt/app/nifi-1.7.1/./conf:/opt/app/nifi-1.7.1/./lib/javax.servlet-api-3.1.0.jar:/opt/app/nifi-1.7.1/./lib/jetty-schemas-3.1.jar:/opt/app/nifi-1.7.1/./lib/logback-classic-1.2.3.jar:/opt/app/nifi-1.7.1/./lib/logback-core-1.2.3.jar:/opt/app/nifi-1.7.1/./lib/slf4j-api-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/jcl-over-slf4j-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/jul-to-slf4j-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/log4j-over-slf4j-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/nifi-api-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-framework-api-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-runtime-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-nar-utils-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-properties-1.7.1.jar -Dorg.apache.jasper.compiler.disablejsr199=true -Xms8g -Xms8g -Djavax.security.auth.useSubjectCredsOnly=true -Djava.security.egd=file:/dev/urandom -Dsun.net.http.allowRestrictedHeaders=true -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true -XX:+UseG1GC -Djava.protocol.handler.pkgs=sun.net.www.protocol -Dnifi.properties.file.path=/opt/app/nifi-1.7.1/./conf/nifi.properties -Dnifi.bootstrap.listen.port=40021 -Dapp=NiFi -Dorg.apache.nifi.bootstrap.config.log.dir=/opt/app/nifi-1.7.1/logs org.apache.nifi.NiFi 2018-09-20 08:20:13,784 INFO [main] org.apache.nifi.bootstrap.Command Launched Apache NiFi with Process ID 19384 2018-09-20 08:20:14,481 INFO [NiFi Bootstrap Command Listener] org.apache.nifi.bootstrap.RunNiFi Apache NiFi now running and listening for Bootstrap requests on port 40283 2018-09-20 08:20:35,382 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to start web server: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
We have no wild cards in the certificates created.Each node certificate has a unique CN name same as that of the hostname. -- Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Thanks for the suggestions. I tried exactly the same step and deleted authorizations.xml and user.xml from all the cluster nodes and tried starting the nodes.I am encountering the below error while starting the nodes now and the node does not start now. 2018-09-20 08:20:09,003 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to start web server: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=hostname, OU=NIFI to seed policies. 2018-09-20 08:20:09,003 ERROR [NiFi logging handler] org.apache.nifi.StdErr Shutting down... 2018-09-20 08:20:09,662 INFO [main] org.apache.nifi.bootstrap.RunNiFi A shutdown was initiated. Will not restart NiFi 2018-09-20 08:20:10,291 INFO [main] org.apache.nifi.bootstrap.Command NiFi has finished shutting down. 2018-09-20 08:20:13,739 INFO [main] o.a.n.b.NotificationServiceManager Successfully loaded the following 0 services: [] 2018-09-20 08:20:13,743 INFO [main] org.apache.nifi.bootstrap.RunNiFi Registered no Notification Services for Notification Type NIFI_STARTED 2018-09-20 08:20:13,743 INFO [main] org.apache.nifi.bootstrap.RunNiFi Registered no Notification Services for Notification Type NIFI_STOPPED 2018-09-20 08:20:13,743 INFO [main] org.apache.nifi.bootstrap.RunNiFi Registered no Notification Services for Notification Type NIFI_DIED 2018-09-20 08:20:13,759 INFO [main] org.apache.nifi.bootstrap.Command Starting Apache NiFi... 2018-09-20 08:20:13,760 INFO [main] org.apache.nifi.bootstrap.Command Working Directory: /opt/app/nifi-1.7.1 2018-09-20 08:20:13,760 INFO [main] org.apache.nifi.bootstrap.Command Command: java -classpath /opt/app/nifi-1.7.1/./conf:/opt/app/nifi-1.7.1/./lib/javax.servlet-api-3.1.0.jar:/opt/app/nifi-1.7.1/./lib/jetty-schemas-3.1.jar:/opt/app/nifi-1.7.1/./lib/logback-classic-1.2.3.jar:/opt/app/nifi-1.7.1/./lib/logback-core-1.2.3.jar:/opt/app/nifi-1.7.1/./lib/slf4j-api-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/jcl-over-slf4j-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/jul-to-slf4j-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/log4j-over-slf4j-1.7.25.jar:/opt/app/nifi-1.7.1/./lib/nifi-api-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-framework-api-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-runtime-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-nar-utils-1.7.1.jar:/opt/app/nifi-1.7.1/./lib/nifi-properties-1.7.1.jar -Dorg.apache.jasper.compiler.disablejsr199=true -Xms8g -Xms8g -Djavax.security.auth.useSubjectCredsOnly=true -Djava.security.egd=file:/dev/urandom -Dsun.net.http.allowRestrictedHeaders=true -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true -XX:+UseG1GC -Djava.protocol.handler.pkgs=sun.net.www.protocol -Dnifi.properties.file.path=/opt/app/nifi-1.7.1/./conf/nifi.properties -Dnifi.bootstrap.listen.port=40021 -Dapp=NiFi -Dorg.apache.nifi.bootstrap.config.log.dir=/opt/app/nifi-1.7.1/logs org.apache.nifi.NiFi 2018-09-20 08:20:13,784 INFO [main] org.apache.nifi.bootstrap.Command Launched Apache NiFi with Process ID 19384 2018-09-20 08:20:14,481 INFO [NiFi Bootstrap Command Listener] org.apache.nifi.bootstrap.RunNiFi Apache NiFi now running and listening for Bootstrap requests on port 40283 2018-09-20 08:20:35,382 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to start web server: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Thanks for the reply.Please find below the authorizations.xml and user.xml;- Authorizations.xml:- - - - - - - - - - - - - - - user.xml:- - - Errors in the user logs:- 2018-09-19 05:25:14,267 INFO [NiFi Web Server-22] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response. 2018-09-19 05:25:14,688 INFO [NiFi Web Server-18] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response. 2018-09-19 05:25:15,073 INFO [NiFi Web Server-164] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=NADMIN, OU=NIFI) GET https://hostname1:9443/nifi-api/flow/current-user (source ip: 10.253.220.155) 2018-09-19 05:25:15,074 INFO [NiFi Web Server-164] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=NADMIN, OU=NIFI 2018-09-19 05:25:15,149 INFO [NiFi Web Server-22] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for () GET https://hostname1:9443/nifi-api/flow/current-user (source ip: 10.59.68.155) 2018-09-19 05:25:15,149 WARN [NiFi Web Server-22] o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted proxy CN=hostname1:9443, OU=NIFI Shouldn’t the authorizations.xml get automatically generated? Strange this is, it works fine on the standalone node. -- Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
A few things to note: Between NiFi 1.3.0 and NiFi 1.7.0, the authorizer structure changed, as the user and group provider was separated from the policy provider. This means there are two components (UserGroupProvider) and (AccessPolicyProvider) that are defined independently and compose the ManagedAuthorizer. This means that for a cluster, the proxies must be defined in two locations in the authorizers.xml file (see below). Also, in NiFi 1.7.1, there were changes to hostname verification and wildcard certificates are fixed but wildcard certificates are not supported. If you are using wildcard certificates in your cluster, you should convert these to unique, explicit certificates for each node. Each node certificate should also contain a SubjectAlternativeName entry with the explicit DNS name of the service. More information can be found in the Admin Guide [1] or the Migration Guidance [2]. Here is an example authorizers.xml file with the proxies defined in both locations. file-user-group-provider org.apache.nifi.authorization.FileUserGroupProvider ./conf/users.xml CN=alopresto_NIFI-5370, OU=NIFI CN=node1.nifi.apache.org, OU=NIFI CN=node2.nifi.apache.org, OU=NIFI CN=node3.nifi.apache.org, OU=NIFI file-access-policy-provider org.apache.nifi.authorization.FileAccessPolicyProvider file-user-group-provider ./conf/authorizations.xml CN=alopresto_NIFI-5370, OU=NIFI CN=node1.nifi.apache.org, OU=NIFI CN=node2.nifi.apache.org, OU=NIFI CN=node3.nifi.apache.org, OU=NIFI managed-authorizer org.apache.nifi.authorization.StandardManagedAuthorizer file-access-policy-provider [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#tls-generation-toolkit [2] https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Sep 18, 2018, at 4:55 AM, Peter Wilcsinszky > wrote: > > Hi, > > are your hosts registered in LDAP properly? If you don't want them to come > from LDAP then they should come from the file-user-group-provider as > initial user identities in addition to your "Initial User Identity 1". > > Peter > > On Tue, Sep 18, 2018 at 11:54 AM nifi-san wrote: > >> Hello, >> >> We are trying to integrate Nifi-7.1 with SSL and LDAP. >> >> We have two different Nifi installation,one which is a standalone node and >> the other which is a three node cluster. >> >> Nifi Standalone:- >> We were able to successfully integrate the Standalone node with SSL and >> login to the Nifi UI with the client certificate. >> >> Nifi Cluster:- >> With the same configurations for authorizers.xml as is for the Nifi >> standalone, on the Nifi cluster nodes,we get the below error:- >> >> ERROR:- >> >> Insufficient Permissions >> Untrusted proxy CN=host1, OU=NIFI >> >> >> The authorizers.xml configurations on the cluster is as follows:- >> >> >> >> >>file-user-group-provider >>org.apache.nifi.authorization.FileUserGroupProvider >>/opt/app/resources/nifi/users.xml >> >> >>CN=NADMIN, >> OU=NIFI >> >> >>file-access-policy-provider >> >> org.apache.nifi.authorization.FileAccessPolicyProvider >>file-user-group-provider >>/opt/app/resources/nifi/authorizations.xml >>CN=NADMIN, >> OU=NIFI >> >> >>> name="ohlvnfiap002dd.oh.dev.dat.aws.vz-connect.net"> >>CN=host1, OU=NIFI >> CN=host2, OU=NIFI >> CN=host3, OU=NIFI >> >> >>managed-authorizer >> >> org.apache.nifi.authorization.StandardManagedAuthorizer >>file-access-policy-provider >> >> >> >> We have checked the FQDN and the CN Name of the certificates generated and >> all other configurations but could not identify anything specifically that >> could be the root cause of the issue. >> >> Apart from the above error with respect to privilege, we do not see any >> other error in the logs. >> >> The same configurations worked fine on Nifi-1.3,however, not sure why it >> does not work on Nifi-1.7. >> Also, it works fine on the standalone node but not on the cluster. >> >> Appreciate if you could provide any assistance on this as it has already >> been a while that we have been blocked because of this issue. >> >> >> >> -- >> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/ >> signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Hi, are your hosts registered in LDAP properly? If you don't want them to come from LDAP then they should come from the file-user-group-provider as initial user identities in addition to your "Initial User Identity 1". Peter On Tue, Sep 18, 2018 at 11:54 AM nifi-san wrote: > Hello, > > We are trying to integrate Nifi-7.1 with SSL and LDAP. > > We have two different Nifi installation,one which is a standalone node and > the other which is a three node cluster. > > Nifi Standalone:- > We were able to successfully integrate the Standalone node with SSL and > login to the Nifi UI with the client certificate. > > Nifi Cluster:- > With the same configurations for authorizers.xml as is for the Nifi > standalone, on the Nifi cluster nodes,we get the below error:- > > ERROR:- > > Insufficient Permissions > Untrusted proxy CN=host1, OU=NIFI > > > The authorizers.xml configurations on the cluster is as follows:- > > > > > file-user-group-provider > org.apache.nifi.authorization.FileUserGroupProvider > /opt/app/resources/nifi/users.xml > > > CN=NADMIN, > OU=NIFI > > > file-access-policy-provider > > org.apache.nifi.authorization.FileAccessPolicyProvider > file-user-group-provider > /opt/app/resources/nifi/authorizations.xml > CN=NADMIN, > OU=NIFI > > > name="ohlvnfiap002dd.oh.dev.dat.aws.vz-connect.net"> > CN=host1, OU=NIFI > CN=host2, OU=NIFI > CN=host3, OU=NIFI > > > managed-authorizer > > org.apache.nifi.authorization.StandardManagedAuthorizer > file-access-policy-provider > > > > We have checked the FQDN and the CN Name of the certificates generated and > all other configurations but could not identify anything specifically that > could be the root cause of the issue. > > Apart from the above error with respect to privilege, we do not see any > other error in the logs. > > The same configurations worked fine on Nifi-1.3,however, not sure why it > does not work on Nifi-1.7. > Also, it works fine on the standalone node but not on the cluster. > > Appreciate if you could provide any assistance on this as it has already > been a while that we have been blocked because of this issue. > > > > -- > Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/ >
Re: Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Sounds like a permission issue. Can you share the content of /opt/app/resources/nifi/authorizations.xml to be sure that /proxy permissions have been correctly set on the node entities? Thanks, Pierre Le mar. 18 sept. 2018 à 11:54, nifi-san a écrit : > Hello, > > We are trying to integrate Nifi-7.1 with SSL and LDAP. > > We have two different Nifi installation,one which is a standalone node and > the other which is a three node cluster. > > Nifi Standalone:- > We were able to successfully integrate the Standalone node with SSL and > login to the Nifi UI with the client certificate. > > Nifi Cluster:- > With the same configurations for authorizers.xml as is for the Nifi > standalone, on the Nifi cluster nodes,we get the below error:- > > ERROR:- > > Insufficient Permissions > Untrusted proxy CN=host1, OU=NIFI > > > The authorizers.xml configurations on the cluster is as follows:- > > > > > file-user-group-provider > org.apache.nifi.authorization.FileUserGroupProvider > /opt/app/resources/nifi/users.xml > > > CN=NADMIN, > OU=NIFI > > > file-access-policy-provider > > org.apache.nifi.authorization.FileAccessPolicyProvider > file-user-group-provider > /opt/app/resources/nifi/authorizations.xml > CN=NADMIN, > OU=NIFI > > > name="ohlvnfiap002dd.oh.dev.dat.aws.vz-connect.net"> > CN=host1, OU=NIFI > CN=host2, OU=NIFI > CN=host3, OU=NIFI > > > managed-authorizer > > org.apache.nifi.authorization.StandardManagedAuthorizer > file-access-policy-provider > > > > We have checked the FQDN and the CN Name of the certificates generated and > all other configurations but could not identify anything specifically that > could be the root cause of the issue. > > Apart from the above error with respect to privilege, we do not see any > other error in the logs. > > The same configurations worked fine on Nifi-1.3,however, not sure why it > does not work on Nifi-1.7. > Also, it works fine on the standalone node but not on the cluster. > > Appreciate if you could provide any assistance on this as it has already > been a while that we have been blocked because of this issue. > > > > -- > Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/ >
Nifi -1.7 -Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI error on cluster node
Hello, We are trying to integrate Nifi-7.1 with SSL and LDAP. We have two different Nifi installation,one which is a standalone node and the other which is a three node cluster. Nifi Standalone:- We were able to successfully integrate the Standalone node with SSL and login to the Nifi UI with the client certificate. Nifi Cluster:- With the same configurations for authorizers.xml as is for the Nifi standalone, on the Nifi cluster nodes,we get the below error:- ERROR:- Insufficient Permissions Untrusted proxy CN=host1, OU=NIFI The authorizers.xml configurations on the cluster is as follows:- file-user-group-provider org.apache.nifi.authorization.FileUserGroupProvider /opt/app/resources/nifi/users.xml CN=NADMIN, OU=NIFI file-access-policy-provider org.apache.nifi.authorization.FileAccessPolicyProvider file-user-group-provider /opt/app/resources/nifi/authorizations.xml CN=NADMIN, OU=NIFI CN=host1, OU=NIFI CN=host2, OU=NIFI CN=host3, OU=NIFI managed-authorizer org.apache.nifi.authorization.StandardManagedAuthorizer file-access-policy-provider We have checked the FQDN and the CN Name of the certificates generated and all other configurations but could not identify anything specifically that could be the root cause of the issue. Apart from the above error with respect to privilege, we do not see any other error in the logs. The same configurations worked fine on Nifi-1.3,however, not sure why it does not work on Nifi-1.7. Also, it works fine on the standalone node but not on the cluster. Appreciate if you could provide any assistance on this as it has already been a while that we have been blocked because of this issue. -- Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/