Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Apache Nifi - username password for Rest Api

Labels:
avatar
author-rank jiayu_g3turbo
Contributor

Created ‎11-20-2017 09:40 AM

Hi,

where and how exactly can i set a username and password in Nifi?

I want to use them in Rest Api calls, like in this tutorial

https://community.hortonworks.com/articles/87160/creating-nifi-template-via-rest-api.html

At this nifi page is something written about setting username and password, but I dont understand it 😕

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration

I hope someone can help me.

17,334 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank alopresto author-rank
Guru

Created ‎11-20-2017 06:44 PM

Hi Andy,

Your question is ambiguous -- are you looking to use NiFi to make an external HTTP REST request to some other service, and that service requires a username and password, or are you trying to perform behavior in NiFi (adding templates, process groups, etc.) and want to authenticate to NiFi in order to do this?

For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor.

For the latter, you configure NiFi to use one or more authentication mechanisms -- client certificates, LDAP, Kerberos, or OpenID Connect. All but client certificates use a username/password combination, which you can then exchange for an access token as described in the first link you included. Once you have that auth token, you pass it on each request and NiFi verifies it to prove your identity.

View solution in original post

15,356 Views
0 Kudos
7 REPLIES 7

avatar
author-rank alopresto author-rank
Guru

Created ‎11-20-2017 06:44 PM

Hi Andy,

Your question is ambiguous -- are you looking to use NiFi to make an external HTTP REST request to some other service, and that service requires a username and password, or are you trying to perform behavior in NiFi (adding templates, process groups, etc.) and want to authenticate to NiFi in order to do this?

For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor.

For the latter, you configure NiFi to use one or more authentication mechanisms -- client certificates, LDAP, Kerberos, or OpenID Connect. All but client certificates use a username/password combination, which you can then exchange for an access token as described in the first link you included. Once you have that auth token, you pass it on each request and NiFi verifies it to prove your identity.

15,357 Views
0 Kudos

avatar
author-rank jiayu_g3turbo
Contributor

Created ‎11-22-2017 11:26 AM

Im trieng to perform a behavior in Nifi. Okay so I need to configure LDAP, Kerberos, or OpenID Connect. Can u give me a suggestion which one I should use? I dont really know about LDAP, Kerberos, or OpenID Connect. Because of that I didnt understood the things described in https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration

15,356 Views
0 Kudos

avatar
author-rank justenji
Master Collaborator

Created ‎10-18-2018 09:49 AM

@Andy LoPresto

Hi, found your answer when I was looking for a solution to run NiFi InvokeHTTP with different credentials. Can you tell me how to do this => "For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor."

Is it the "Attributes to Send" information to set? Couldn't get it work.

Thanks for your help!

15,356 Views
0 Kudos

avatar
author-rank alopresto author-rank
Guru

Created on ‎10-18-2018 11:22 AM - edited ‎08-17-2019 09:44 PM

Justen, you do not need to provide a value for Attributes to Send if you are providing the Authorization header via a dynamic property on the InvokeHTTP processor (all dynamic properties are included as headers automatically). If the token value is coming as an attribute on the incoming flowfile, then you will need to provide a value for Attributes to Send -- you can use the explicit attribute name (key) if you only want to send that header, or a regular expression if you want to send more than one. I've linked to a template I just built which demonstrates this behavior. The dynamic property is already there -- to add one, you click the "+" icon on the top right of the Properties tab in the processor configuration.

92901-screen-shot-2018-10-18-at-81528-pm-compressed.png

15,356 Views

avatar
author-rank justenji
Master Collaborator

Created ‎10-19-2018 06:35 AM

@Andy LoPresto

Hi Andy, thank you so much for your quick and detailed response, really great! It works perfect, you made my day!

15,356 Views
0 Kudos

avatar
author-rank jiayu_g3turbo
Contributor

Created ‎11-22-2017 11:36 AM

Is this step by step guide legit for using OpenId Connect? https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect

15,356 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎10-19-2018 06:11 PM

@Andy Gisbo

Yes, that guide is accurate example of using OpenID with google.

15,356 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements