This repository has been archived by the owner on Feb 12, 2024. It is now read-only.
[cetic/nifi] OIDC Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local #277
Labels
help wanted
Extra attention is needed
Hello, I'm trying to implement a Nifi cluster using the latest version of this helm chart.
I'm using keycloak for OIDC authentication.
But I'm getting the following message when trying to authenticate in the UI:
Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local
I'm trying to run a cluster with 2 nodes.
Persistent volumes.
Aws Loadbalancer
cert-manager.
And authentication with keycloak.
Even running on only 1 node. The problem persists.
NAME READY STATUS RESTARTS AGE
apache-nifi-0 5/5 Running 0 12m
apache-nifi-zookeeper-0 1/1 Running 0 12m
apache-nifi-zookeeper-1 1/1 Running 0 12m
apache-nifi-zookeeper-2 1/1 Running 0 12m
My values.yaml
oidc:
enabled: true
discoveryUrl: http://mydomain.com/realms/nifi/.well-known/openid-configuration
clientId: nifi
clientSecret: xxxxxxx
claimIdentifyingUser: email
admin: my-email@domain.com
## Request additional scopes, for example profile
additionalScopes:
Any help on what's missing or what might be going on?
Log from user-log container:
2022-11-14 18:05:49,165 INFO [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 152.x.x.x [my-email@domain.com<CN=apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local, OU=NIFI>] GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user
2022-11-14 18:05:49,166 WARN [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Failed 152.x.x.x GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user [Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local]
Thank you!
The text was updated successfully, but these errors were encountered: