Support Questions

Find answers, ask questions, and share your expertise

Apache Nifi - username password for Rest Api

avatar
Contributor

Hi,

where and how exactly can i set a username and password in Nifi?

I want to use them in Rest Api calls, like in this tutorial

https://community.hortonworks.com/articles/87160/creating-nifi-template-via-rest-api.html

At this nifi page is something written about setting username and password, but I dont understand it 😕

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration

I hope someone can help me.

1 ACCEPTED SOLUTION

avatar

Hi Andy,

Your question is ambiguous -- are you looking to use NiFi to make an external HTTP REST request to some other service, and that service requires a username and password, or are you trying to perform behavior in NiFi (adding templates, process groups, etc.) and want to authenticate to NiFi in order to do this?

For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor.

For the latter, you configure NiFi to use one or more authentication mechanisms -- client certificates, LDAP, Kerberos, or OpenID Connect. All but client certificates use a username/password combination, which you can then exchange for an access token as described in the first link you included. Once you have that auth token, you pass it on each request and NiFi verifies it to prove your identity.

View solution in original post

7 REPLIES 7

avatar

Hi Andy,

Your question is ambiguous -- are you looking to use NiFi to make an external HTTP REST request to some other service, and that service requires a username and password, or are you trying to perform behavior in NiFi (adding templates, process groups, etc.) and want to authenticate to NiFi in order to do this?

For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor.

For the latter, you configure NiFi to use one or more authentication mechanisms -- client certificates, LDAP, Kerberos, or OpenID Connect. All but client certificates use a username/password combination, which you can then exchange for an access token as described in the first link you included. Once you have that auth token, you pass it on each request and NiFi verifies it to prove your identity.

avatar
Contributor

Im trieng to perform a behavior in Nifi. Okay so I need to configure LDAP, Kerberos, or OpenID Connect. Can u give me a suggestion which one I should use? I dont really know about LDAP, Kerberos, or OpenID Connect. Because of that I didnt understood the things described in https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration

avatar
Master Collaborator

@Andy LoPresto

Hi, found your answer when I was looking for a solution to run NiFi InvokeHTTP with different credentials. Can you tell me how to do this => "For the former, you'll need to provide the credentials as an Authorization header via an attribute in the InvokeHTTP (or similar) processor."

Is it the "Attributes to Send" information to set? Couldn't get it work.

Thanks for your help!

avatar

Justen, you do not need to provide a value for Attributes to Send if you are providing the Authorization header via a dynamic property on the InvokeHTTP processor (all dynamic properties are included as headers automatically). If the token value is coming as an attribute on the incoming flowfile, then you will need to provide a value for Attributes to Send -- you can use the explicit attribute name (key) if you only want to send that header, or a regular expression if you want to send more than one. I've linked to a template I just built which demonstrates this behavior. The dynamic property is already there -- to add one, you click the "+" icon on the top right of the Properties tab in the processor configuration.

92901-screen-shot-2018-10-18-at-81528-pm-compressed.png

avatar
Master Collaborator

@Andy LoPresto

Hi Andy, thank you so much for your quick and detailed response, really great! It works perfect, you made my day!

avatar
Contributor

Is this step by step guide legit for using OpenId Connect? https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect

avatar
Master Mentor

@Andy Gisbo

Yes, that guide is accurate example of using OpenID with google.