Phew,
Eventually found out that my node hostnames and the node identities in
authorizers.xml had a tiny mismatch.
After making them identical it solved my issue.
Thanks to all who helped me!
On Mon, May 4, 2020 at 11:06 PM Troy Melhase wrote:
Ami, can you post any of your logs/configuration? I've been working
thru some of the OIDC related issues and might be able to provide
insight.
On Mon, May 4, 2020 at 7:57 AM Ami Goldenberg wrote:
Ok I have an update
I tried running a cluster without Kubernetes, on AWS and following the
terraform configuration by pvillard here
https://github.com/pvillard31/nifi-gcp-terraform/tree/master/gcp-cluster-secured-nifi-oidc
Got a tls-toolkit CA server, zookeeper server, 2 nodes and an AWS ALB with
s
Actually with a set of 1 this would not have mattered. I think the problem
is not with the sticky sessions...
On Mon, Apr 27, 2020 at 9:43 PM Ami Goldenberg wrote:
Great idea Andy
I reduced the scale to 1 and it is still doing the same redirect loop.
I guess the load balancer is hitting a different node even if sticky is set
up? Even if eventually the service does clientAffinity maybe the client IP
is not taken correctly?
What are your thoughts?
On Mon, Ap
I have a very similar configuration and similar problem. After
authenticating with the OIDC server (Keycloak), I often get multiple
failures in verifying the JWT from the nifi servers and have to reload the
browser multiple times until it eventually hits the right one.
On Mon, Apr 27, 2020 at 2:2
Can you verify the initial redirect to OIDC and the callback are going to the
same node in NiFi? I see your LB configs are set to sticky sessions, but it may
be that if the callback is originating from the OIDC IDP server rather than the
actual client IP, the session affinity is not being applie
Hi Nathan,
Indeed, that's the case
On Mon, Apr 27, 2020 at 5:57 PM Nathan Gough wrote:
Hi Ami,
Just to confirm, the OAuth Client ID redirect URL in OIDC is set to
"https://${nifi.hostname}:${nifi.port}/nifi-api/access/oidc/callback" and
the NiFi property is set
"nifi.security.user.oidc.discovery.url=https://accounts.google.com/.well-known/openid-configuration".
Nathan
On Mon,
Hi Ami,
Based on the error you've got in the user log it looks like you've got
a local trust issue. If you could tell us what you've already tried,
someone might be able to help you a bit more.
Edward
On 27/04/2020 05:36, Ami Goldenberg wrote:
Hi,
We are trying to deploy NiFi on Kubernetes after successfully using it
for a while.
The issue we are having is that every time we enter our NiFi URL it will
redirect us to Google and once we sign in we just get redirected again.
*The error I see on users.log is:*
o.a.n.w.s.NiFiAuthenticationF