Cloudera Data Analytics (CDA) Forum

API Nifi + Token + SAML2

avatar
New Contributor

Hey!

 

Nifi is authenticating using SAML2, but the authenticator does not provide token without MFA authentication.

I need to create an automation to connect to the Nifi API, can I make this connection without using the SAML2 token?


Thanks

3 REPLIES 3

avatar
Community Manager

Welcome to the community @Gutao. Perhaps @MattWho or @SAMSAL will be able to lead you in the right direction.  


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
New Contributor

Thanks @cjervis !

 

I'll wait and see if someone can help me.

avatar
Master Mentor

@Gutao 
When interacting with the NiFi rest-api, I'd recommend creating a client certificate to use in your automation.  A secured NiFi will always WANT a client certificate and will only try another configured auth method if a client certificate is not provide in the TLS exchange.  Using a certificate for your rest-api automation removes the need for obtaining a token completely.  You simply pass your client certificate with every rest-api call.   Another advantage here over auth is token expiration. With no token involved with certificate based auth, your certificate will continuously work until it expires (typical default is 1 or 2 years). 

You'll need to setup authorization policies for your certificate user (Certificate DN used as user identity) for the various endpoints you are trying to interact with through the rest-api.

If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

Thank you,

Matt