Cloudera Community

Cloudera Data Analytics (CDA) Forum

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

API Nifi + Token + SAML2

Labels:
avatar
author-rank Gutao
New Contributor

Created ‎05-12-2023 10:12 AM

Hey!

 

Nifi is authenticating using SAML2, but the authenticator does not provide token without MFA authentication.

I need to create an automation to connect to the Nifi API, can I make this connection without using the SAML2 token?


Thanks

638 Views
0 Kudos
3 REPLIES 3

avatar
author-rank cjervis author-rank
Community Manager

Created on ‎05-12-2023 12:38 PM - edited ‎05-15-2023 05:28 AM

Welcome to the community @Gutao. Perhaps @MattWho or @SAMSAL will be able to lead you in the right direction.  


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
617 Views
0 Kudos

avatar
author-rank Gutao
New Contributor

Created ‎05-15-2023 05:33 AM

Thanks @cjervis !

 

I'll wait and see if someone can help me.

578 Views
0 Kudos

avatar
author-rank MattWho author-rank
Super Mentor

Created ‎05-26-2023 12:29 PM

@Gutao 
When interacting with the NiFi rest-api, I'd recommend creating a client certificate to use in your automation.  A secured NiFi will always WANT a client certificate and will only try another configured auth method if a client certificate is not provide in the TLS exchange.  Using a certificate for your rest-api automation removes the need for obtaining a token completely.  You simply pass your client certificate with every rest-api call.   Another advantage here over auth is token expiration. With no token involved with certificate based auth, your certificate will continuously work until it expires (typical default is 1 or 2 years). 

You'll need to setup authorization policies for your certificate user (Certificate DN used as user identity) for the various endpoints you are trying to interact with through the rest-api.

If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

Thank you,

Matt

466 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements