[cetic/nifi] OIDC Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local

[diegorates1991]

Hello, I'm trying to implement a Nifi cluster using the latest version of this helm chart.
I'm using keycloak for OIDC authentication.
But I'm getting the following message when trying to authenticate in the UI:

Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local

I'm trying to run a cluster with 2 nodes.
Persistent volumes.
Aws Loadbalancer
cert-manager.
And authentication with keycloak.

Even running on only 1 node. The problem persists.

NAME READY STATUS RESTARTS AGE
apache-nifi-0 5/5 Running 0 12m
apache-nifi-zookeeper-0 1/1 Running 0 12m
apache-nifi-zookeeper-1 1/1 Running 0 12m
apache-nifi-zookeeper-2 1/1 Running 0 12m

My values.yaml

oidc:
enabled: true
discoveryUrl: http://mydomain.com/realms/nifi/.well-known/openid-configuration
clientId: nifi
clientSecret: xxxxxxx
claimIdentifyingUser: email
admin: my-email@domain.com
## Request additional scopes, for example profile
additionalScopes:

Any help on what's missing or what might be going on?

Log from user-log container:

2022-11-14 18:05:49,165 INFO [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 152.x.x.x [my-email@domain.com<CN=apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local, OU=NIFI>] GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user
2022-11-14 18:05:49,166 WARN [NiFi Web Server-184] o.a.n.w.s.NiFiAuthenticationFilter Authentication Failed 152.x.x.x GET https://apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local:8443/nifi-api/flow/current-user [Untrusted proxy apache-nifi-0.apache-nifi-headless.nifi.svc.cluster.local]

Thank you!

[jrebmann]

Hi @diegorates1991,

maybe following article helps you to solve your problem:

Setup a secure Apache NiFi cluster in Kubernetes

It also describes how to setup a Apache NiFi cluster with a working OIDC authentication.