Ralph, Based on the details in your email, it sounds like it should be working. At start up, it will go through the users database to re-verify each user with the configured provider. The authorizations for a user are cache in this database for a configurable time. The re-verification is done to ensure the cached authorizations were correct in the event that an admin changed the configured authority provider.
Looking at the code there should be some additional logging about the issue that occurred while attempting to verify the user in question. Are you seeing anything else in the logs? Matt On Tue, Jul 26, 2016 at 12:47 PM, Perko, Ralph J <[email protected]> wrote: > Hi – whenever we restart Nifi half the accounts are disabled with this > message: > > INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User not authorized > with configured provider: <user-id>. Disabling account... > > The users are in the authorized-users.xml file. Is this a configuration > issue on our part or a bug? It is curious that not all the accounts get > disabled only some and it is always the same accounts. > > To re-enable the accounts I go into the users page, select the disabled > user (click the little pencil) and click ‘apply’ with no changes - the > account is re-enabled. > > Details: > Nifi 0.6.1 > authority-providers.xml: default file provider > login-identy-management.xml: kerberos-provider (corporate system – > everyone is in it) > authorized-users.xml:setup for each user > > Thanks, > Ralph > >
