Hi Daniel, Ok, I see. Thanks for the answer.
I switched to official Nifi registry image. I succeeded to spin up registry in docker container and to setup Kerberos provider in identity-providers.xml. Also I configured authorizers.xml as per afficial Nifi documentation. I already have the same setup with Kerberos, but not in Docker container. And everything works like a charm. When I enter credentials, login does not pass. This is app log: 2019-02-08 12:52:30,568 INFO [NiFi Registry Web Server-14] o.a.n.r.w.m.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos service ticket login not supported by this NiFi Registry. Returning Conflict response. 2019-02-08 12:52:30,644 INFO [NiFi Registry Web Server-13] o.a.n.r.w.s.NiFiRegistrySecurityConfig Client could not be authenticated due to: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext Returning 401 response. 2019-02-08 12:52:50,557 INFO [NiFi Registry Web Server-14] o.a.n.r.w.m.UnauthorizedExceptionMapper org.apache.nifi.registry.web.exception.UnauthorizedException: The supplied client credentials are not valid.. Returning Unauthorized response. Not sure what is going on here. Regards, Tom On Fri, 8 Feb 2019 at 11:36, Daniel Chaffelson <chaffel...@gmail.com> wrote: > Hi Tomislav, > I created that build a long time ago before the official apache one was > up, and it is out of date sorry. > Can I suggest you switch to the official apache image that Kevin mentioned > and try again? It is an up to date version and recommended by the community. > > On Thu, Feb 7, 2019 at 5:54 PM Tomislav Novosel <to.novo...@gmail.com> > wrote: > >> Hi Kevin, >> >> I'm using image from Docker hub on this link: >> https://hub.docker.com/r/chaffelson/nifi-registry >> >> I think I know where is the problem. The problem is in config file where >> http host and http port property remains even if I manually set https >> host and htpps port. >> I deleted http host and http port to be empty, but when I started >> container again, those values are again there. >> >> I don't know what the author of image wanted to say with this: >> >> The Docker image can be built using the following command: >> >> . >> ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh >> >> What does this commend mean? >> >> And this: >> >> Note: The default version of NiFi-Registry specified by the Dockerfile >> is typically that of one that is unreleased if working from source. To >> build an image for a prior released version, one can override the >> NIFI_REGISTRY_VERSIONbuild-arg with the following command: >> >> docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry >> Version} -t apache/nifi-registry:latest . >> >> For this command above you need to have Dockerfile. I tried with >> Dockerfile from docker hub, but there are errors in execution on this line: >> >> ADD sh/ ${NIFI_REGISTRY_BASE_DIR}/scripts/ >> >> On the other hand, If I manage to get the image with first command, I >> will get Nifi registry version 0.1.0 which I don't want. >> >> I'm little bit confused here, sorry for longer mail. >> >> Thanks. >> >> Regards, >> Tom >> >> On Thu, 7 Feb 2019 at 17:38, Kevin Doran <kdo...@apache.org> wrote: >> >>> Hi Tom, >>> >>> Are you using the apache/nifi-registry image or a custom image for this? >>> >>> Have you configured TLS? >>> Can you share your complete conf dir (removing sensitive values such as >>> password or domains)? >>> >>> Thanks, >>> Kevin >>> >>> >>> On February 7, 2019 at 05:57:37, Tomislav Novosel (to.novo...@gmail.com) >>> wrote: >>> > Hi all, >>> > >>> > I'm trying to configure Nifi registry authentication with Kerberos >>> while >>> > Nifi registry runs >>> > inside Docker container. >>> > >>> > I configured all security properties in nifi-registry.properties, login >>> > identity provider and >>> > authorizers.xml. Everything the same as for Nifi registry running as a >>> > service without Docker container. >>> > >>> > When I open UI in browser and type in login data, login dose not pass. >>> > >>> > In /logs/nifi-registry-app.log I see error: >>> > >>> > An Authentication object was not found in the SecurityContext Returning >>> > 401 response >>> > java.lang.IllegalStateException: Access tokens are only issued over >>> HTTPS >>> > >>> > nifi.registry.web.https.host property is default because of Docker: >>> > ae24ea32faef >>> > nifi.registry.web.https.port=18080 >>> > >>> > How can I resolve this? >>> > Thanks. >>> > >>> > >>> > BR, >>> > Tom >>> > >>> >>>
