https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370671#M4 <P>Welcome to the community&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/105044" target="_blank">@Gutao</A>.&nbsp;Perhaps&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35454" target="_blank">@MattWho</A>&nbsp;or&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/80381" target="_blank">@SAMSAL</A>&nbsp;will be able to lead you in the right direction.&nbsp;&nbsp;</P> Mon, 15 May 2023 12:28:33 GMT cjervis 2023-05-15T12:28:33Z https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370666#M3 <P>Hey!</P><P>&nbsp;</P><P>Nifi is authenticating using SAML2, but the authenticator does not provide token without MFA authentication.</P><P>I need to create an automation to connect to the Nifi API, can I make this connection without using the SAML2 token?</P><P><BR />Thanks</P> Fri, 12 May 2023 17:12:18 GMT https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370666#M3 Gutao 2023-05-12T17:12:18Z https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370671#M4 <P>Welcome to the community&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/105044" target="_blank">@Gutao</A>.&nbsp;Perhaps&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35454" target="_blank">@MattWho</A>&nbsp;or&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/80381" target="_blank">@SAMSAL</A>&nbsp;will be able to lead you in the right direction.&nbsp;&nbsp;</P> Mon, 15 May 2023 12:28:33 GMT https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370671#M4 cjervis 2023-05-15T12:28:33Z https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370742#M5 <P>Thanks&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/10253">@cjervis</a>&nbsp;!</P><P>&nbsp;</P><P>I'll wait and see if someone can help me.</P> Mon, 15 May 2023 12:33:15 GMT https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/370742#M5 Gutao 2023-05-15T12:33:15Z https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/371619#M17 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/105044">@Gutao</a>&nbsp;<BR />When interacting with the NiFi rest-api, I'd recommend creating a client certificate to use in your automation.&nbsp; A secured NiFi will always WANT a client certificate and will only try another configured auth method if a client certificate is not provide in the TLS exchange.&nbsp; Using a certificate for your rest-api automation removes the need for obtaining a token completely.&nbsp; You simply pass your client certificate with every rest-api call.&nbsp; &nbsp;Another advantage here over auth is token expiration. With no token involved with certificate based auth, your certificate will continuously work until it expires (typical default is 1 or 2 years).&nbsp;<BR /><BR />You'll need to setup authorization policies for your certificate user (Certificate DN used as user identity) for the various endpoints you are trying to interact with through the rest-api.<BR /><BR /></P><P><FONT face="batang,apple gothic">If you found that the provided solution(s) assisted you with your query, please take a moment to login and click</FONT>&nbsp;<FONT face="arial black,avant garde" color="#FF0000">Accept as Solution&nbsp;</FONT><FONT face="batang,apple gothic" color="#000000">below each response that helped.<BR /><BR />Thank you,</FONT></P><P><FONT face="batang,apple gothic" color="#000000">Matt</FONT></P> Fri, 26 May 2023 19:29:38 GMT https://community.cloudera.com/t5/Cloudera-Data-Analytics-CDA/API-Nifi-Token-SAML2/m-p/371619#M17 MattWho 2023-05-26T19:29:38Z