Reputation: 241
I've set up a new NiFi instance using certificates for authentication created with the TLS Toolkit. On startup, the authorizations.xml and users.xml are generated as expected and I can log in as the initial admin. However, I do not see the menu option to configure users or policies.
Here are the relevant snippets of my configurations:
# nifi.properties
nifi.web.https.host=localhost
nifi.web.https.port=9443
nifi.security.user.authorizer=single-user-authorizer
nifi.security.allow.anonymous.authentication=false
nifi.security.user.login.identity.provider=single-user-provider
<!-- authorizers.xml -->
<userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
    <property name="Users File">./conf/users.xml</property>
    <property name="Legacy Authorized Users File"></property>
    <property name="Initial User Identity 1">CN=my_username, OU=NiFi</property>
</userGroupProvider>
<accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Initial Admin Identity">CN=my_username, OU=NiFi</property>
    <property name="Legacy Authorized Users File"></property>
    <property name="Node Identity 1"></property>
    <property name="Node Group"></property>
</accessPolicyProvider>
<!-- conf/users.xml -->
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
    <groups/>
    <users>
        <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e" identity="CN=my_username, OU=NiFi"/>
    </users>
</tenants>
<!-- conf/authorizations.xml -->
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizations>
    <policies>
        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
            <user identifier="56323815-c1ee-3cc6-b3ac-445a312eb65e"/>
        </policy>
    </policies>
</authorizations>
Upvotes: 0
Views: 3137
Reputation: 589
This is because the initial version of the secure version of NiFi is running in single-user authentication mode. To add users, one would need to change this; and to be able to edit the users and policies that can log in and interact with NiFi, you will need to integrate NiFi with another login provider, such as LDAP or Kerberos. Once integrated to allow logins from LDAP or Kerberos, NiFi can be logged into from the initial admin account and be configured as desired.
Upvotes: 1
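A consistency check for the configuration shown in the question, added here as an example (not code from either poster or from the NiFi project): it verifies that the authorizer selected in nifi.properties is the one wired to the file-based access policy provider, and that the Initial Admin Identity matches an Initial User Identity character for character. The two `<authorizer>` entries in the sample, including the `managed-authorizer` identifier, are assumed from NiFi's stock authorizers.xml; the question does not show them.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the question. The two <authorizer> entries are
# assumed from NiFi's stock authorizers.xml; the post does not show them.
PROPS = """nifi.security.user.authorizer=single-user-authorizer
nifi.security.user.login.identity.provider=single-user-provider"""
AUTHORIZERS = """<authorizers>
 <userGroupProvider>
  <identifier>file-user-group-provider</identifier>
  <property name="Initial User Identity 1">CN=my_username, OU=NiFi</property>
 </userGroupProvider>
 <accessPolicyProvider>
  <identifier>file-access-policy-provider</identifier>
  <property name="User Group Provider">file-user-group-provider</property>
  <property name="Initial Admin Identity">CN=my_username, OU=NiFi</property>
 </accessPolicyProvider>
 <authorizer>
  <identifier>managed-authorizer</identifier>
  <property name="Access Policy Provider">file-access-policy-provider</property>
 </authorizer>
 <authorizer><identifier>single-user-authorizer</identifier></authorizer>
</authorizers>"""

def props_of(el, prefix):
    """Values of <property> children whose name starts with prefix."""
    return [(p.text or "") for p in el.findall("property")
            if p.get("name", "").startswith(prefix)]

def audit(props_text, authorizers_xml):
    """Return findings explaining why file-based users/policies are inactive."""
    props = dict(l.split("=", 1) for l in props_text.splitlines()
                 if "=" in l and not l.lstrip().startswith("#"))
    selected = props.get("nifi.security.user.authorizer", "").strip()
    root = ET.fromstring(authorizers_xml)
    by_id = {e.findtext("identifier"): e for e in root}
    chosen = by_id.get(selected)
    if chosen is None or chosen.tag != "authorizer":
        return [f"authorizer '{selected}' is not defined in authorizers.xml"]
    findings, linked = [], props_of(chosen, "Access Policy Provider")
    for app in root.findall("accessPolicyProvider"):
        app_id = app.findtext("identifier")
        if app_id not in linked:  # selected authorizer bypasses this provider
            findings.append(f"'{selected}' does not use '{app_id}', so its policies are never consulted")
        ugp = by_id.get((props_of(app, "User Group Provider") or [""])[0])
        users = props_of(ugp, "Initial User Identity") if ugp is not None else []
        for admin in props_of(app, "Initial Admin Identity"):
            if admin and admin not in users:  # comparison is exact: case and spacing count
                findings.append(f"Initial Admin Identity '{admin}' matches no Initial User Identity")
    return findings
```

Running `audit(PROPS, AUTHORIZERS)` on the sample reports that `single-user-authorizer` never consults `file-access-policy-provider`; with the authorizer property pointed at the assumed `managed-authorizer` entry, the same check returns no findings.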