Created 11-20-2017 09:40 AM
Hi,
where and how exactly can i set a username and password in Nifi?
I want to use them in Rest Api calls, like in this tutorial
https://community.hortonworks.com/articles/87160/creating-nifi-template-via-rest-api.html
At this nifi page is something written about setting username and password, but I dont understand it 😕
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration
I hope someone can help me.
Created 11-20-2017 06:44 PM
Hi Andy,
Your question is ambiguous -- are you looking to use NiFi to make an external HTTP REST request to some other service, and that service requires a username and password, or are you trying to perform behavior in NiFi (adding templates, process groups, etc.) and want to authenticate to NiFi in order to do this?
For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor.
For the latter, you configure NiFi to use one or more authentication mechanisms -- client certificates, LDAP, Kerberos, or OpenID Connect. All but client certificates use a username/password combination, which you can then exchange for an access token as described in the first link you included. Once you have that auth token, you pass it on each request and NiFi verifies it to prove your identity.
Created 11-20-2017 06:44 PM
Hi Andy,
Your question is ambiguous -- are you looking to use NiFi to make an external HTTP REST request to some other service, and that service requires a username and password, or are you trying to perform behavior in NiFi (adding templates, process groups, etc.) and want to authenticate to NiFi in order to do this?
For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor.
For the latter, you configure NiFi to use one or more authentication mechanisms -- client certificates, LDAP, Kerberos, or OpenID Connect. All but client certificates use a username/password combination, which you can then exchange for an access token as described in the first link you included. Once you have that auth token, you pass it on each request and NiFi verifies it to prove your identity.
Created 11-22-2017 11:26 AM
Im trieng to perform a behavior in Nifi. Okay so I need to configure LDAP, Kerberos, or OpenID Connect. Can u give me a suggestion which one I should use? I dont really know about LDAP, Kerberos, or OpenID Connect. Because of that I didnt understood the things described in https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration
Created 10-18-2018 09:49 AM
Hi, found your answer when I was looking for a solution to run NiFi InvokeHTTP with different credentials. Can you tell me how to do this => "For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor."
Is it the "Attributes to Send" information to set? Couldn't get it work.
Thanks for your help!
Created on 10-18-2018 11:22 AM - edited 08-17-2019 09:44 PM
Justen, you do not need to provide a value for Attributes to Send if you are providing the Authorization header via a dynamic property on the InvokeHTTP processor (all dynamic properties are included as headers automatically). If the token value is coming as an attribute on the incoming flowfile, then you will need to provide a value for Attributes to Send -- you can use the explicit attribute name (key) if you only want to send that header, or a regular expression if you want to send more than one. I've linked to a template I just built which demonstrates this behavior. The dynamic property is already there -- to add one, you click the "+" icon on the top right of the Properties tab in the processor configuration.
Created 10-19-2018 06:35 AM
Created 11-22-2017 11:36 AM
Is this step by step guide legit for using OpenId Connect? https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect
Created 10-19-2018 06:11 PM
Yes, that guide is accurate example of using OpenID with google.