Here is my authorizations.xml
<authorizations>
<policies>
<policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"
resource="/flow" action="R">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"
resource="/restricted-components" action="W">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7"
resource="/tenants" action="R">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"
resource="/tenants" action="W">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"
resource="/policies" action="R">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"
resource="/policies" action="W">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"
resource="/controller" action="R">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"
resource="/controller" action="W">
<user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"/>
</policy>
<policy identifier="287edf48-da72-359b-8f61-da5d4c45a270"
resource="/proxy" action="W">
<user identifier="20f01804-bad9-3baf-9ebb-5846ae8e7425"/>
<user identifier="ce02b3e3-68ff-3bc1-9001-6a66b26db1f9"/>
<user identifier="c0ae0a6d-d80a-39ce-aa5e-b519066ffefe"/>
</policy>
</policies>
</authorizations>
> On Mar 30, 2018, at 9:48 AM, Pierre Villard <[email protected]>
> wrote:
>
> Hi Scott,
>
> Can you have a look at the authorizations.xml file? (and share the content of
> it to confirm that node users are given the proxy authorizations?)
>
> Thanks!
>
> 2018-03-30 16:15 GMT+02:00 Scott Howell <[email protected]
> <mailto:[email protected]>>:
> I am nearing the finish line of setting up a cluster using a self-signed
> cert.
>
> When trying to login to the cluster after the cluster comes up I am able to
> see in the logs that my initial admin user is able to login.
>
> Once that takes place I get an “Untrusted proxy” error on both the UI and in
> the nifi-user.log.
>
> This is what I see in the UI: Untrusted proxy CN="nifi-2.dev.{redacted}.com,
> OU=Nifi”
>
> In my authorizers.xml I have this:
> <authorizers>
> <authorizer>
> <identifier>file-provider</identifier>
> <class>org.apache.nifi.authorization.FileAuthorizer</class>
> <property name="Authorizations
> File">/opt/config/authorizations.xml</property>
> <property name="Users File">/opt/config/users.xml</property>
> <property name="Initial Admin
> Identity">uid=scott,ou=users,dc={redacted},dc=com</property>
> <property name="Legacy Authorized Users File"></property>
>
> <property name="Node Identity 1">CN=nifi-1.dev.{redacted}.com,
> OU=Nifi</property>
> <property name="Node Identity 2">CN=nifi-2.dev.{redacted}.com,
> OU=Nifi</property>
> <property name="Node Identity 3">CN=nifi-3.dev.{redacted}.com,
> OU=Nifi</property>
> </authorizer>
> </authorizers>
>
> On the nodes I am seeing this in my user.xml
> <tenants>
> <groups/>
> <users>
> <user identifier="4e9a2753-85a0-3c8e-96bf-6d5ef821fe53"
> identity="uid=scott,ou=users,dc={redacted},dc=com"/>
> <user identifier="20f01804-bad9-3baf-9ebb-5846ae8e7425"
> identity="CN=nifi-1.dev.{redacted}.com, OU=Nifi"/>
> <user identifier="ce02b3e3-68ff-3bc1-9001-6a66b26db1f9"
> identity="CN=nifi-2.dev.{redacted}.com, OU=Nifi"/>
> <user identifier="c0ae0a6d-d80a-39ce-aa5e-b519066ffefe"
> identity="CN=nifi-3.dev.{redacted}.com, OU=Nifi"/>
> </users>
> </tenants>
>
> I believe the issue is with where the “ is in my error "Untrusted proxy
> CN="nifi-2.dev.mobilgov.com <http://nifi-2.dev.mobilgov.com/>, OU=Nifi”” but
> I am not able to figure out where that quotation is coming from because I
> can’t find it in anywhere.
>
> Was wondering if anyone has had issues with this before.
>
> Scott
>
