Created 02-11-2022 08:42 AM
Hello,
I would like to connect my Airflow application with my Apache Nifi application though the Apache Nifi API. The aim is to let the Airflow orchestrate my entire flow.
My Apache Nifi authentication is made via the OpenId protocol on a Keycloak application so I first get a token via a call to the auth/realms/myrealms/protocol/openid-connect/token and then with the generated JWT, I call the nifi-api to catch some processors, passing the JWT as a bearer token, I have got the following error :
Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
I tried the same curl call to the processor, using the token I get when I connect with the UserInterface, and I get a success.
I supposed it may be due to the internal user policy of Nifi who rejecte me so I added username and email of the first token to the Nifi policy, but it change nothing.
Does someone may help me please?
Thanks
Created 03-01-2023 09:44 AM
@bmoisson @Sumit6620
When you authenticate via NiFi, there is both a client JWT token generated and a server side key generated on the node on which the authentication was performed. That Client JWT token can then be used to perform calls to rest-api endpoints on that node only for which that client is authorized.
When you are obtaining your JWT token from an external authentication endpoint, NiFi won't have the server side token need to validate that token and thus rejects that token.
You can find the various methods of authentication that can be configured in Apache NiFi here:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.
Thank you,
Matt
Created 02-28-2023 08:51 PM
I am also facing the same issue. Pls, help me.
Created 03-01-2023 09:44 AM
@bmoisson @Sumit6620
When you authenticate via NiFi, there is both a client JWT token generated and a server side key generated on the node on which the authentication was performed. That Client JWT token can then be used to perform calls to rest-api endpoints on that node only for which that client is authorized.
When you are obtaining your JWT token from an external authentication endpoint, NiFi won't have the server side token need to validate that token and thus rejects that token.
You can find the various methods of authentication that can be configured in Apache NiFi here:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication
If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.
Thank you,
Matt
Created 05-03-2023 01:24 AM
i aslo face that problem can you provid code exmaple of the solution?