Closed ggerla closed 1 year ago
Hi I was able to progress a little bit. I configured access to an external Keycloak and this solved the issue posted before. Now if I try to access from Firefox everything works fine. but if I try to access from Chrome I receive the following error
Unauthorized error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
Because this issue disappears when I reduce the number of nodes to 1, I think this issue is related to the istio gateway configuration... Can someone help me to progress?
I haven't configured NiFi behind an Istio gateway, but i have configured NiFi with OIDC behind an nginx Ingress
. For any proxy sitting in front of your NiFi cluster, you need to make sure you set the appropriate proxy headers: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#proxy_configuration
I have an open PR to contribute a helm chart for NiFi clusters, including an Ingress. It might help you as an example of how to configure a proxy:
Hi all After a lot of troubles I was able to solve the issue. I created a doc page with this PR
@juldrixx I noted that my PR was merged into v1.0.0, but it is still not present into 1.1.0. Do you know how is this possible?
Oh I hadn't seen this one, you modified the wrong file (the version 1.0.0 file) so the change is only here.
I will correct this.
Fixed.
Fixed.
Thanks
Hi all I need to deploy a Nifi cluster with https enabled. I have neither LDAP or Keycloak, so I would like to configure only one admin user. Because my K8S is using istio I configured a gateway and a virtual service to allow access to the cluster from external world. I created a secret with my CA and then an issuer. I deployed the operator with this configuration
and finally deployed the cluster
The cluster seems to start properly but if I try to access to the UI I receive the following error
Do you have any idea on how to solve this issue?