Cloudera Data Analytics (CDA) Forum


API Nifi + Token + SAML2

New Contributor



NiFi is authenticating using SAML2, but the authenticator does not provide a token without MFA authentication.

I need to create an automation to connect to the NiFi API. Can I make this connection without using the SAML2 token?



Community Manager

Welcome to the community @Gutao. Perhaps @MattWho or @SAMSAL will be able to lead you in the right direction.  

Cy Jervis, Manager, Community Program

New Contributor

Thanks @cjervis !


I'll wait and see if someone can help me.

Super Mentor

When interacting with the NiFi rest-api, I'd recommend creating a client certificate to use in your automation. A secured NiFi will always WANT a client certificate and will only try another configured auth method if a client certificate is not provided in the TLS exchange. Using a certificate for your rest-api automation removes the need for obtaining a token completely. You simply pass your client certificate with every rest-api call. Another advantage here over auth is token expiration. With no token involved with certificate-based auth, your certificate will continuously work until it expires (typical default is 1 or 2 years).

You'll need to set up authorization policies for your certificate user (Certificate DN used as user identity) for the various endpoints you are trying to interact with through the rest-api.


Thank you,
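The certificate-based approach from the answer above, as an added example that is not part of the original thread or NiFi's own code: it calls `/nifi-api/flow/current-user` over mutual TLS with no token, then checks that NiFi mapped the certificate to the expected DN and lists which policies that identity holds. The host name, file names, DN and sample response are constructed assumptions, and the exact DN comparison assumes no identity mapping rewrites the DN on the NiFi side.

```python
import json
import ssl
import urllib.request

# Constructed sample of a /nifi-api/flow/current-user response (not real output).
SAMPLE_CURRENT_USER = {
    "identity": "CN=nifi-automation, OU=NIFI", "anonymous": False,
    "controllerPermissions": {"canRead": True, "canWrite": False},
    "policiesPermissions": {"canRead": False, "canWrite": False},
}


def make_mtls_context(cert_pem, key_pem, ca_pem):
    """TLS context that verifies NiFi's server certificate and presents ours."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_pem)
    ctx.load_cert_chain(certfile=cert_pem, keyfile=key_pem)
    return ctx


def nifi_get(base_url, path, ctx, timeout=10):
    """GET a NiFi REST endpoint; no token or Authorization header is sent."""
    req = urllib.request.Request(base_url.rstrip("/") + path, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return json.load(resp)


def check_identity(current_user, expected_dn):
    """Return a list of problems; empty means the certificate DN was accepted as the user."""
    problems = []
    if current_user.get("anonymous", True):
        problems.append("treated as anonymous (certificate not presented or not trusted)")
    if current_user.get("identity") != expected_dn:
        problems.append(f"identity {current_user.get('identity')!r} != expected {expected_dn!r}")
    return problems


def granted(current_user):
    """Map each '<name>Permissions' entry to the set of actions the identity holds."""
    return {k[:-len("Permissions")]: {a for a in ("canRead", "canWrite") if p.get(a)}
            for k, p in current_user.items() if k.endswith("Permissions")}


if __name__ == "__main__":
    # Hypothetical host, file names and DN; replace with your own.
    ctx = make_mtls_context("automation.crt", "automation.key", "nifi-ca.pem")
    me = nifi_get("https://nifi.example.com:8443", "/nifi-api/flow/current-user", ctx)
    print(check_identity(me, "CN=nifi-automation, OU=NIFI"), granted(me))
```

An empty policy set for an endpoint family means the certificate authenticated but the DN still needs an authorization policy in NiFi for those calls.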