o.a.n.w.a.c.AccessDeniedExceptionMapper anonymous does not have permission to access the requested resource. Returning Unauthorized response.


Aolong Ding -X (aoding - Insigma Hengtian at Cisco)

Hi all,

 

I am trying to integrate NiFi with LDAP; this is my configuration:

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN"></property>
    <property name="Manager Password"></property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>
    
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldaps://xxxxxxx:port</property>
    <property name="User Search Base">ou=xxx,o=xxxx</property>
    <property name="User Search Filter">uid={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">50 minutes</property>
</provider>

 

I can always start NiFi and enter a username and password. If the username and password are not correct, it sends me an error message, so I think the configuration is okay. But when I enter the correct username and password and then click log in while I am tailing nifi-user.log, there is no output from the tail command, and in my browser, this is my screen:

After I click home, the tail command will output:

Could anybody give me a hand?

 

Thanks

Alex


Re: o.a.n.w.a.c.AccessDeniedExceptionMapper anonymous does not have permission to access the requested resource. Returning Unauthorized response.

Matt Gilman
Alex,

The screenshots did not come through in your message. Can you compare the
DN you're authenticating as with the DN of your user in the users.xml file?
These must match. The DN you're authenticating as will be printed in the
<NIFI_HOME>/logs/nifi-user.log file.

Thanks

Matt

On Mon, Jul 24, 2017 at 1:55 AM, Aolong Ding -X (aoding - Insigma Hengtian
at Cisco) <[hidden email]> wrote:

> Hi all,
>
>
>
> I am trying to integrate nifi with ldap, this is my configuration:
>
> <provider>
>     <identifier>ldap-provider</identifier>
>     <class>org.apache.nifi.ldap.LdapProvider</class>
>     <property name="Authentication Strategy">SIMPLE</property>
>     <property name="Manager DN"></property>
>     <property name="Manager Password"></property>
>     <property name="TLS - Keystore"></property>
>     <property name="TLS - Keystore Password"></property>
>     <property name="TLS - Keystore Type"></property>
>     <property name="TLS - Truststore"></property>
>     <property name="TLS - Truststore Password"></property>
>     <property name="TLS - Truststore Type"></property>
>     <property name="TLS - Client Auth"></property>
>     <property name="TLS - Protocol"></property>
>     <property name="TLS - Shutdown Gracefully"></property>
>
>     <property name="Referral Strategy">FOLLOW</property>
>     <property name="Connect Timeout">10 secs</property>
>     <property name="Read Timeout">10 secs</property>
>     <property name="Url">ldaps://*xxxxxxx:port*</property>
>     <property name="User Search Base">ou=xxx,o=xxxx</property>
>     <property name="User Search Filter">uid={0}</property>
>     <property name="Identity Strategy">USE_DN</property>
>     <property name="Authentication Expiration">50 minutes</property>
> </provider>
>
>
>
> I can always start nifi, input username and password, if the username and
> password are not correct, it will send an error message to me, so I think
> the configuration is okay, but when I input correct username and password
> then click log in while I am tailing nifi-user.log, there are no output of
> tail command, and on my browser, this is my screen:
>
> After I click home, the tail command will output:
>
> Could anybody give me a hand?
>
>
>
> Thanks
>
> Alex
>

Re: o.a.n.w.a.c.AccessDeniedExceptionMapper anonymous does not have permission to access the requested resource. Returning Unauthorized response.

Andy LoPresto-2
It does not appear that you have provided a Manager DN or password, nor any keystore or truststore properties. In order to connect over LDAPS, you will need at least a truststore with the public certificate of the LDAPS server (or one of the CAs that signed it) in order to verify the connection. You may also need a keystore containing a private key for this instance if mutual authentication TLS is desired. [1]

Finally, you will need the manager DN and password in order to authenticate into the LDAPS server to perform queries. 


Andy LoPresto
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On Jul 24, 2017, at 5:41 AM, Matt Gilman <[hidden email]> wrote:

Alex,

The screenshots did not come through in your message. Can you compare the
DN your authenticating as with the DN of your user in the users.xml file?
These must match. The DN you're authenticating as will be printed in the
<NIFI_HOME>/logs/nifi-user.log file.

Thanks

Matt

On Mon, Jul 24, 2017 at 1:55 AM, Aolong Ding -X (aoding - Insigma Hengtian
at Cisco) <[hidden email]> wrote:

Hi all,



I am trying to integrate nifi with ldap, this is my configuration:

<provider>
   <identifier>ldap-provider</identifier>
   <class>org.apache.nifi.ldap.LdapProvider</class>
   <property name="Authentication Strategy">SIMPLE</property>
   <property name="Manager DN"></property>
   <property name="Manager Password"></property>
   <property name="TLS - Keystore"></property>
   <property name="TLS - Keystore Password"></property>
   <property name="TLS - Keystore Type"></property>
   <property name="TLS - Truststore"></property>
   <property name="TLS - Truststore Password"></property>
   <property name="TLS - Truststore Type"></property>
   <property name="TLS - Client Auth"></property>
   <property name="TLS - Protocol"></property>
   <property name="TLS - Shutdown Gracefully"></property>

   <property name="Referral Strategy">FOLLOW</property>
   <property name="Connect Timeout">10 secs</property>
   <property name="Read Timeout">10 secs</property>
   <property name="Url">ldaps://*xxxxxxx:port*</property>
   <property name="User Search Base">ou=xxx,o=xxxx</property>
   <property name="User Search Filter">uid={0}</property>
   <property name="Identity Strategy">USE_DN</property>
   <property name="Authentication Expiration">50 minutes</property>
</provider>



I can always start nifi, input username and password, if the username and
password are not correct, it will send an error message to me, so I think
the configuration is okay, but when I input correct username and password
then click log in while I am tailing nifi-user.log, there are no output of
tail command, and on my browser, this is my screen:

After I click home, the tail command will output:

Could anybody give me a hand?



Thanks

Alex



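Added example (not part of the thread and not NiFi code): a small Python check that applies the two replies above to the posted provider, flagging the empty Manager DN/password and truststore properties when the Url is ldaps://, and testing whether the DN printed in nifi-user.log appears in users.xml. The host name, the sample DN, the users.xml layout and the exact-string DN comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the provider from the first post, trimmed to the
# properties the replies discuss (placeholder host and port).
PROVIDER_XML = """
<provider>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN"></property>
    <property name="Manager Password"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="Url">ldaps://ldap.example.com:636</property>
</provider>
"""

# Constructed sample; this users.xml layout is an assumption.
USERS_XML = """
<tenants><users>
    <user identifier="constructed-id-1" identity="uid=alex,ou=people,o=example"/>
</users></tenants>
"""

BIND_PROPS = ("Manager DN", "Manager Password")
TRUST_PROPS = ("TLS - Truststore", "TLS - Truststore Password", "TLS - Truststore Type")

def lint_provider(xml_text):
    """Return names of empty properties that the replies say must be set."""
    root = ET.fromstring(xml_text)
    props = {p.get("name"): (p.text or "").strip() for p in root.iter("property")}
    required = list(BIND_PROPS)
    if urlparse(props.get("Url", "")).scheme.lower() == "ldaps":
        required += TRUST_PROPS  # needed to verify the LDAPS server certificate
    return [name for name in required if not props.get(name)]

def identity_known(users_xml, logged_dn):
    """True only if logged_dn equals a users.xml identity (exact match assumed)."""
    root = ET.fromstring(users_xml)
    return any(u.get("identity") == logged_dn for u in root.iter("user"))

if __name__ == "__main__":
    print("empty but required:", lint_provider(PROVIDER_XML))
    print("DN in users.xml:", identity_known(USERS_XML, "uid=alex,ou=people,o=example"))
```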