Created on 06-30-2017 10:27 PM
Using NiFi REST API for unsecured cluster is straight-forward like below:
[root@<nifi-host> ~]# curl -v -X GET http://<nifi-host>:<port>/nifi-api/flow/current-user * About to connect() to <nifi-host> port <port> (#0) * Trying <IP address>... * Connected to <nifi-host> (<IP address>) port <port> (#0) > GET /nifi-api/flow/current-user HTTP/1.1 > User-Agent: curl/7.29.0 > Host: <nifi-host>:<port> > Accept: */* > < HTTP/1.1 200 OK < Date: Fri, 30 Jun 2017 22:15:09 GMT < X-Frame-Options: SAMEORIGIN < X-Frame-Options: SAMEORIGIN < X-Frame-Options: SAMEORIGIN < Cache-Control: private, no-cache, no-store, no-transform < Server: Jetty(9.4.3.v20170317) < Vary: Accept-Encoding, User-Agent < Date: Fri, 30 Jun 2017 22:15:09 GMT < Date: Fri, 30 Jun 2017 22:15:09 GMT < Content-Type: application/json < Content-Length: 439 < * Connection #0 to host <nifi-host> left intact {"identity":"anonymous","anonymous":true,"provenancePermissions":{"canRead":true,"canWrite":true},"countersPermissions":{"canRead":true,"canWrite":true},"tenantsPermissions":{"canRead":true,"canWrite":true},"controllerPermissions":{"canRead":true,"canWrite":true},"policiesPermissions":{"canRead":true,"canWrite":true},"systemPermissions":{"canRead":true,"canWrite":true},"restrictedComponentsPermissions":{"canRead":true,"canWrite":true}}
However if this cluster is using Kerberos for authentication then the curl call will need a Kerberos authentication token as below:
token=`curl -k -X POST --negotiate -u : https://<nifi-node>:<port>/nifi-api/access/kerberos`
curl -k --header "Authorization: Bearer $token" https://<nifi-host>:<port>/nifi-api/flow/cluster/summary
Created on 09-19-2017 06:34 PM
Hi @Arti Wadhwani,
Could we use username/password of the principle created in Kerberos to login?
Since I don't have kinit in nifi node.
Thanks.
Created on 07-25-2018 08:54 PM
Hi,
I am trying to access nifi-api using kerberos token. I ran the command to obtain the token that is mentioned in the post but I get the following error: Kerberos ticket login not supported by this NiFi.
I have kerberos provider configured in login-identity-providers.xml and I am able to run kinit also.
Can you please help me how to resolve this issue?
Created on 10-04-2019 04:19 PM - edited 10-04-2019 04:21 PM
In case, you get below error, make sure you use Nifi host FQDN in API call and NOT IP address. Also, make sure DNS is configured correctly.
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /nifi-api/access/kerberos. Reason:
<pre> Unauthorized</pre>