cetic / helm-nifi

Helm Chart for Apache Nifi
Apache License 2.0

[cetic/nifi] OIDC Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local #277

Open diegorates1991 opened 1 year ago

diegorates1991 commented 1 year ago

Hello, I'm trying to implement a NiFi cluster using the latest version of this Helm chart. I'm using Keycloak for OIDC authentication, but I'm getting the following message when trying to authenticate in the UI:

Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local

I'm trying to run a cluster with 2 nodes, persistent volumes, an AWS load balancer, cert-manager, and authentication with Keycloak.

Even running on only 1 node, the problem persists.

NAME                      READY   STATUS    RESTARTS   AGE
apache-nifi-0             5/5     Running   0          12m
apache-nifi-zookeeper-0   1/1     Running   0          12m
apache-nifi-zookeeper-1   1/1     Running   0          12m
apache-nifi-zookeeper-2   1/1     Running   0          12m

My values.yaml:

oidc:
  enabled: true
  discoveryUrl: http://mydomain.com/realms/nifi/.well-known/openid-configuration
  clientId: nifi
  clientSecret: xxxxxxx
  claimIdentifyingUser: email
  admin: my-email@domain.com
  # Request additional scopes, for example profile
  additionalScopes:

Any help on what's missing or what might be going on?

Log from user-log container:

2022-11-14 18:05:49,165 INFO [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 152.x.x.x [my-email@domain.com] GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user
2022-11-14 18:05:49,166 WARN [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Failed 152.x.x.x GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user [Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local]

Thank you!
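A triage sketch for the user log quoted above, added here as an example and not part of the original post or the chart: it parses `NiFiAuthenticationFilter` lines in the format shown in the issue and reports each identity rejected as an untrusted proxy, the users affected, and whether that identity is the same host the request was sent to. The sample log lines, hostnames, addresses and the function name `untrusted_proxies` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the format of the user-log lines quoted in the issue.
HOST = "nifi-0.nifi-headless.ns.svc.cluster.local"
PREFIX = "o.a.n.w.s.NiFiAuthenticationFilter Authentication"
URL = f"https://{HOST}:8443/nifi-api/flow/current-user"
SAMPLE_LOG = "\n".join([
    f"2022-11-14 18:05:49,165 INFO [NiFi Web Server-184] {PREFIX} Started 192.0.2.10 [alice@example.test] GET {URL}",
    f"2022-11-14 18:05:49,166 WARN [NiFi Web Server-184] {PREFIX} Failed 192.0.2.10 GET {URL} [Untrusted proxy {HOST}]",
    f"2022-11-14 18:06:02,010 INFO [NiFi Web Server-201] {PREFIX} Started 192.0.2.11 [bob@example.test] GET {URL}",
    f"2022-11-14 18:06:02,011 WARN [NiFi Web Server-201] {PREFIX} Failed 192.0.2.11 GET {URL} [Untrusted proxy {HOST}]",
    f"2022-11-14 18:07:00,500 WARN [NiFi Web Server-210] {PREFIX} Failed 192.0.2.12 GET {URL} [other failure reason]",
])

STARTED = re.compile(r"^\S+ \S+ INFO \[(?P<thread>[^\]]+)\] \S*NiFiAuthenticationFilter "
                     r"Authentication Started \S+ \[(?P<user>[^\]]*)\] \S+ \S+")
FAILED = re.compile(r"^\S+ \S+ WARN \[(?P<thread>[^\]]+)\] \S*NiFiAuthenticationFilter "
                    r"Authentication Failed \S+ \S+ (?P<url>\S+) \[(?P<reason>.*)\]\s*$")
MARKER = "Untrusted proxy "

def untrusted_proxies(log_text):
    """Map each rejected proxy identity to its count, affected users and host match."""
    last_user = {}  # thread name -> user from the most recent "Started" line
    report = defaultdict(lambda: {"count": 0, "users": set(), "is_request_host": False})
    for line in log_text.splitlines():
        started = STARTED.match(line)
        if started:
            last_user[started["thread"]] = started["user"]
            continue
        failed = FAILED.match(line)
        if not failed or not failed["reason"].startswith(MARKER):
            continue  # not an authentication failure caused by an untrusted proxy
        proxy = failed["reason"][len(MARKER):].strip()
        entry = report[proxy]
        entry["count"] += 1
        user = last_user.pop(failed["thread"], None)  # correlate on the worker thread
        if user:
            entry["users"].add(user)
        # True when the rejected proxy is the node the request itself was addressed to.
        if urlsplit(failed["url"]).hostname == proxy:
            entry["is_request_host"] = True
    return dict(report)

if __name__ == "__main__":
    for identity, info in untrusted_proxies(SAMPLE_LOG).items():
        print(identity, info["count"], sorted(info["users"]), info["is_request_host"])
```
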

jrebmann commented 10 months ago

Hi @diegorates1991,

maybe the following article helps you to solve your problem:

Setup a secure Apache NiFi cluster in Kubernetes

It also describes how to set up an Apache NiFi cluster with a working OIDC authentication.