question Re: How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls? in Archives of Support Questions (Read Only)

How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

ramkrish9198 — Thu, 23 Feb 2017 21:07:24 GMT

After LDAP configuration, if i execute a curl command and make NIFI REST Client call:

"curl -i -k -X GET https://URL/nifi-api/flow/process-groups/16fc1e19-12ed-133d-079e-613116e15383" i get the error:

"Unable to perform the desired action due to insufficient permissions. Contact the system administrator.".

Which means i need to use one of the options mentioned in /nifi-api/access/ - to authenticate and then perform the above curl command to succeed. The REST calls against /nifi-api/access works meaning:

"curl -i -k -X GET https://URL/nifi-api/access" returns:

"{"accessStatus":{"status":"UNKNOWN","message":"No credentials supplied, unknown user."}}"

Re: How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

MattWho — Thu, 23 Feb 2017 21:12:47 GMT

@Ramakrishnan V

You will need to use the following curl command to obtain a token for your LDAP user:

curl 'https://<hostname>:<port>/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=admin&password=admin' --compressed --insecure

Once you have your token you will need to pass that token as the bearer of all subsequent curl command you execute against the NiFi api by adding teh following to your curl commads:

-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPW9yZyIsImlzcyI6IkxkYXBQcm92aWRlciIsIm
F1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0ODcxNDM2OTEs
ImlhdCI6MTQ4NzEwMDQ5MX0.GwwJ0Yz4_KXUAMNIH500jw8YcIk3e6ZdcT3LCrrkHjc'

The odd string above is an example of the token you will get back from the first command.

Thanks,

Matt

Re: How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

ramkrish9198 — Thu, 23 Feb 2017 22:38:44 GMT

Thanks Matt, so in case if am using an Apache HTTP client package and executing the above rest calls within in a executable jar file, then i would need need to do decryption of encrypted password and hit it in the way above...

Re: How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

mgilman — Fri, 24 Feb 2017 01:28:19 GMT

@Ramakrishnan V Just to clarify, is the password in your code encrypted? If so then yes, you would need to decrypt the password being sent in the request to /nifi-api/access/token. NiFi only supports username/password login's over HTTPS so that communication will be secure.

Re: How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

ramkrish9198 — Tue, 28 Feb 2017 17:09:49 GMT

Yes, because we are using a generic application user id and we would have it encrypted in a property file.