If you want no authN and no authZ then you can have empty
authorizers.xml and empty login-identity-providers.xml, just make sure
nifi.properties does not reference an authorizer id or identity
provider id.

Keeping in mind that if you make it unsecure, hopefully your nifi
instance is not accessible from anywhere other than localhost.

On Tue, Dec 13, 2022 at 2:04 PM James McMahon <jsmcmah...@gmail.com> wrote:
>
> Thank you Bryan. I do have that declared in login-identity-providers.xml:
> [ec2-user@ip-172-31-73-197 conf]$ more login-identity-providers.xml
> <?xml version='1.0' encoding='UTF-8'?>
> <!-- ANSIBLE MANAGED FILE. DO NOT EDIT -->
> <loginIdentityProviders>
>   <provider>
>     <class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class>
>     <identifier>single-user-provider</identifier>
>   </provider>
> </loginIdentityProviders>
>
> I am not sure I can answer your question. I thought authorizers.xml, and the 
> other xml conf files were required. For my simplified use case, what is the 
> bare minimum configuration including in the authorizers.xml and 
> login-identity-providers.xml?
>
> I realize my use case is not a good long-term objective. But I want to get a 
> nifi instance running in a minimalist form, and then after I do that tackle 
> authorization, https, etc.
>
> On Tue, Dec 13, 2022 at 1:48 PM Bryan Bende <bbe...@gmail.com> wrote:
>>
>> The SingleUserAuthorizer requires using the
>> SingleUserLoginIdentityProvider, do you have that declared in
>> login-identity-providers.xml?
>>
>> Also if you are trying to remove authentication/authorization and run
>> over http, then why declare the SingleUserAuthorizer at all?
>>
>> On Tue, Dec 13, 2022 at 1:43 PM James McMahon <jsmcmah...@gmail.com> wrote:
>> >
>> > Hello. I am having difficulty getting nifi to start for a simple single 
>> > node configuration without user authentication. My goal is to get a nifi 
>> > instance running over http. I understood that there would be no user 
>> > authentication in such a case. Why then is my nifi instance failing to 
>> > start with these errors thrown for authorizers.xml  (example of the errors 
>> > at bottom)?
>> >
>> > I have no FileUserGroupProvider or LdapUserGroupProvider to access for 
>> > user account information. I establish a user named nifi and group named 
>> > nifi at the time I run my playbook.
>> >
>> > Currently I have only this in my authorizers.xml file.
>> > <?xml version='1.0' encoding='UTF-8'?>
>> > <!-- ANSIBLE MANAGED FILE. DO NOT EDIT -->
>> > <authorizers>
>> >   <authorizer>
>> >     <identifier>single-user-authorizer</identifier>
>> >     <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class>
>> >   </authorizer>
>> > </authorizers>
>> > I run my ansible playbook as user ec2-user, and the ansible role 
>> > establishes a user nifi. How must authorizers.xml be configured for such a 
>> > single-node nifi configuration?
>> >
>> > When I attempt to start nifi I get a series of errors like these in 
>> > nifi-app.log. I suspect my authorizers.xml is missing info.
>> >
>> > Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration': Unsatisfied dependency expressed through method 'setObjectPostProcessor' parameter 0;
>> > nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.security.configuration.AuthenticationSecurityConfiguration': Unsatisfied dependency expressed through constructor parameter 2;
>> > nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation;
>> > nested exception is java.lang.Exception: Unable to load the authorizer configuration file at: /opt/nifi/releases/nifi-1.16.3/./conf/authorizers.xml
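
A consistency check for the three files discussed in this thread, as an added example that is not part of the original messages or of NiFi itself. It flags ids in nifi.properties that are not declared in the XML files, a SingleUserAuthorizer without the SingleUserLoginIdentityProvider, and an HTTP listener whose host is not loopback. Assumptions: the function names and sample values are constructed, and an "empty" XML file is taken to mean a root element with no entries.

```python
import xml.etree.ElementTree as ET

SINGLE_USER_AUTHZ = "org.apache.nifi.authorization.single.user.SingleUserAuthorizer"
SINGLE_USER_LOGIN = "org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider"
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def declared(xml_text, tag):
    """Map identifier -> class for every <tag> element; blank text means none (assumption)."""
    if not xml_text.strip():
        return {}
    return {(e.findtext("identifier") or "").strip(): (e.findtext("class") or "").strip()
            for e in ET.fromstring(xml_text.strip()).iter(tag)}

def check(properties_text, authorizers_xml, login_providers_xml):
    """Return a list of findings; an empty list means the three files agree."""
    props = parse_properties(properties_text)
    authorizers = declared(authorizers_xml, "authorizer")
    providers = declared(login_providers_xml, "provider")
    authz_id = props.get("nifi.security.user.authorizer", "")
    login_id = props.get("nifi.security.user.login.identity.provider", "")
    findings = []
    if authz_id and authz_id not in authorizers:
        findings.append(f"authorizer id '{authz_id}' is not declared in authorizers.xml")
    if login_id and login_id not in providers:
        findings.append(f"identity provider id '{login_id}' is not declared in login-identity-providers.xml")
    if authorizers.get(authz_id) == SINGLE_USER_AUTHZ and providers.get(login_id) != SINGLE_USER_LOGIN:
        findings.append("SingleUserAuthorizer is referenced without SingleUserLoginIdentityProvider")
    if props.get("nifi.web.http.port") and props.get("nifi.web.http.host", "") not in LOOPBACK:
        findings.append("nifi.web.http.host is not a loopback address while HTTP is enabled")
    return findings

# Constructed sample: no authN/authZ, HTTP reachable on localhost only.
UNSECURED_PROPS = """\
nifi.web.http.host=127.0.0.1
nifi.web.http.port=8080
nifi.security.user.authorizer=
nifi.security.user.login.identity.provider=
"""

if __name__ == "__main__":
    print(check(UNSECURED_PROPS, "<authorizers/>", "<loginIdentityProviders/>"))
```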
