Re: Legacy Authorized Users File approach not working?

2016-12-22 Thread Russell Bateman
Bryan and James, Thanks for your advice. NiFi is wonderful technology, but it's greater still by reason of our community, in particular, experts like you. I will write up whatever decision we reach including our experience. Just yesterday, I sweated through getting the Java Flight Recorder (J

Re: Legacy Authorized Users File approach not working?

2016-12-21 Thread James Wing
Russell, I would not recommend the Legacy Authorized Users approach in 1.x. It does work, but the authorizations model in 1.x is bigger than it was in 0.x, and the simple conversion will not provide all that you need. I recommend using the Initial Admin Identity, then configuring groups and user

Re: Legacy Authorized Users File approach not working?

2016-12-20 Thread Russell Bateman
Thanks, Bryan. I will try this again. Meanwhile, I've been studying our 0.x LDAP twists and I am starting to feel sure I can replicate them in 1.x. Both avenues will be useful to us. (But, I really liked nifi-toolkit and your tutorial.) Best, Russ On 12/20/2016 03:41 PM, Bryan Bende wrote: R

Re: Legacy Authorized Users File approach not working?

2016-12-20 Thread Bryan Bende
Russell, To verify the conversion of the legacy authorized users file, I just did the following... 1) Took a fresh build off master (1.2-SNAPSHOT) 2) Created an authorized-users.xml with the following content as a test:

Re: Legacy Authorized Users File approach not working?

2016-12-20 Thread Russell Bateman
Bryan, As I'm new to setting this up (why I'm tackling this at all), I initially looked toJames Wing's tutorial . At the end of that, I had a file, /authorized-users.xml/, which I wanted to provide via this "legacy" interface to NiFi 1.1.

Re: Legacy Authorized Users File approach not working?

2016-12-20 Thread Bryan Bende
For the 0.x instance, can you elaborate on "it was not working"? You should be able to point set "Legacy Authorized Users File" in authorizers.xml to point to your old file, and leave the Initial Admin blank. On Tue, Dec 20, 2016 at 2:17 PM, Russell Bateman wrote: > Just getting time to return

Re: Legacy Authorized Users File approach not working?

2016-12-20 Thread Russell Bateman
Just getting time to return to this... Bryan First, I was trying to follow the admin guide for converting an existing 0.x instance. It was not working. Second, however, I walked your tutorial successfully and created a secure instance of NiFi (I'm not, at this moment, interested in creating

Re: Legacy Authorized Users File approach not working?

2016-12-16 Thread Bryan Bende
Russell, If you are starting with an existing 1.x installation then this post has a tutorial that should cover all the steps to secure the installation: http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy The short version is you should not have to crea

Legacy Authorized Users File approach not working?

2016-12-16 Thread Russell Bateman
I'm working on securing NiFi 1.1.0 with SSL. As I'm following a tutorial [1] written for 0.x, I'm attempting to use the legacy option in /conf/authorizers.//xml/: file-provider org.apache.nifi.authorization.FileAuthorizer ./conf/authorizations.xml ./conf/users.xml