This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

[cetic/nifi] OIDC Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local #277

Open
diegorates1991 opened this issue Nov 14, 2022 · 1 comment
Labels
help wanted Extra attention is needed

Comments


diegorates1991 commented Nov 14, 2022

Hello, I'm trying to implement a NiFi cluster using the latest version of this Helm chart.
I'm using Keycloak for OIDC authentication.
But I'm getting the following message when trying to authenticate in the UI:

Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local

I'm trying to run a cluster with 2 nodes.
Persistent volumes.
AWS load balancer.
cert-manager.
And authentication with Keycloak.

Even running on only 1 node, the problem persists.

NAME                      READY   STATUS    RESTARTS   AGE
apache-nifi-0             5/5     Running   0          12m
apache-nifi-zookeeper-0   1/1     Running   0          12m
apache-nifi-zookeeper-1   1/1     Running   0          12m
apache-nifi-zookeeper-2   1/1     Running   0          12m

My values.yaml

oidc:
  enabled: true
  discoveryUrl: http://mydomain.com/realms/nifi/.well-known/openid-configuration
  clientId: nifi
  clientSecret: xxxxxxx
  claimIdentifyingUser: email
  admin: my-email@domain.com
  ## Request additional scopes, for example profile
  additionalScopes:

Any help on what's missing or what might be going on?

Log from user-log container:

2022-11-14 18:05:49,165 INFO [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 152.x.x.x [my-email@domain.com<CN=apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local, OU=NIFI>] GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user
2022-11-14 18:05:49,166 WARN [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Failed 152.x.x.x GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user [Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local]

Thank you!

banzo added the help wanted label Nov 17, 2022

@jrebmann (Contributor)

Hi @diegorates1991,

Maybe the following article helps you to solve your problem:

Setup a secure Apache NiFi cluster in Kubernetes

It also describes how to set up an Apache NiFi cluster with a working OIDC authentication.
