Cloudera Data Analytics (CDA) Forum


API Nifi + Token + SAML2

Explorer

Hey!

NiFi is authenticating using SAML2, but the authenticator does not provide a token without MFA authentication.

I need to create an automation to connect to the NiFi API. Can I make this connection without using the SAML2 token?


Thanks

3 REPLIES

Community Manager

Welcome to the community @Gutao. Perhaps @MattWho or @SAMSAL will be able to lead you in the right direction.  


Keep the questions coming,

Cy Jervis | Senior Manager, Knowledge Programs

if (helpful) { mark_as_solution(); } | if (appreciated) { give_kudos(); }

Explorer

Thanks @cjervis !

I'll wait and see if someone can help me.

Master Mentor

@Gutao 
When interacting with the NiFi rest-api, I'd recommend creating a client certificate to use in your automation. A secured NiFi will always WANT a client certificate and will only try another configured auth method if a client certificate is not provided in the TLS exchange. Using a certificate for your rest-api automation removes the need for obtaining a token completely. You simply pass your client certificate with every rest-api call. Another advantage here over auth is token expiration. With no token involved with certificate based auth, your certificate will continuously work until it expires (typical default is 1 or 2 years).

You'll need to set up authorization policies for your certificate user (Certificate DN used as user identity) for the various endpoints you are trying to interact with through the rest-api.

If you found that the provided solution(s) assisted you with your query, please take a moment to log in and click Accept as Solution below each response that helped.

Thank you,

Matt
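
The certificate-based call described in the answer above, as an added example that is not part of the original thread: a Python client that presents a client certificate in the TLS handshake, sends no token, and asks NiFi which identity it mapped the certificate to. The host name, port and file names are assumed placeholders; `flow/current-user` is used here as the identity check.

```python
import json
import ssl
import urllib.error
import urllib.request

# Assumed placeholders: replace with your NiFi host and the files issued
# for the automation user. None of these values come from the thread.
NIFI_URL = "https://nifi.example.internal:8443"
CLIENT_CERT = "automation-client.pem"
CLIENT_KEY = "automation-client.key"
CA_BUNDLE = "nifi-ca.pem"


def mtls_context(cert, key, ca):
    """TLS context that verifies NiFi's server cert and presents our client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx


def api_request(base_url, path, method="GET"):
    """Build a REST call. Identity comes from the TLS handshake, so there is
    deliberately no Authorization header and no token to refresh."""
    url = base_url.rstrip("/") + "/nifi-api/" + path.lstrip("/")
    return urllib.request.Request(url, method=method,
                                  headers={"Accept": "application/json"})


def explain_status(status):
    """Separate authentication failures from missing authorization policies."""
    if status == 200:
        return "ok"
    if status == 401:
        return "not authenticated: NiFi did not accept a client certificate identity"
    if status == 403:
        return "authenticated, but the certificate DN lacks a policy for this endpoint"
    return "unexpected status %d" % status


def whoami(base_url, ctx):
    """Return (status, identity) as NiFi sees this client. TLS handshake
    errors are left to propagate so a rejected certificate is not hidden."""
    try:
        with urllib.request.urlopen(api_request(base_url, "flow/current-user"),
                                    context=ctx, timeout=10) as resp:
            return resp.status, json.load(resp).get("identity")
    except urllib.error.HTTPError as err:
        return err.code, None


if __name__ == "__main__":
    status, identity = whoami(NIFI_URL, mtls_context(CLIENT_CERT, CLIENT_KEY, CA_BUNDLE))
    print(status, explain_status(status), identity)
```

The identity string returned on success is the value to grant policies to; keep the private key file readable only by the automation account, since it replaces the token as the credential.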