Support Questions

Find answers, ask questions, and share your expertise

Get clientId value

avatar
Contributor

How do I get the Client Id to make any processor update using REST PUT call ?

3 REPLIES 3

avatar
Master Mentor

@nifier 

In order to answer this question, more detail is needed about your NiFi setup.

How is your NiFi authentication configured?  Are you authenticating to your secured NiFi via a ClientAuth user certificate, using LDAP/AD, Kerberos, Spnego, etc...?

Thank you,
Matt

avatar
Contributor

Hi @MattWho Thanks for your reply.

We are using LDAP to authenticate 

avatar
Master Mentor

@nifier 

Are you trying to build a dataflow on your NiFi canvas to programmatically to these rest-api calls or just looking to get a user token to used to make rest-api calls via some external process?

The easiest way to learn the rest-api calls it by using the developer tools in your browser.  Open developer tools and then perform the action of logging in via the browser to capture the rest-api call made to get your user token.  Developer tools will even give you the option to right click on the request and select copy as curl.  That being said the browser is going to add a bunch of additional headers that are not needed.

I generally discourage using ldap when building dataflows to automate rest-api call in NiFi.  Mainly because your username and password would exposed unencrypted in the dataflow where anyone with access could get it.   In this scenario, creating a private key clientAuth certificate would be the better way to go.  You can add your certificate to a StandardRestrictedSSLContextService where your password is encrypted, you don't need to worry about fetching user tokens,  or user token expiration.  A secured NiFi will always support MutualTLS even when ldap is also configured.  NiFi will WANT a clientAuth certificate first and only redirect to ldap when one is not provided.

Above being said, obtaining a user token using ldap-provider authentication can be done using below:

curl 'https://<nifi hostname>:<nifi port>/nifi-api/access/token' -H 'content-type: application/x-www-form-urlencoded;charset=UTF-8' --data-raw 'username=<username>&password=<user password>' --insecure


The bearer token received in response would need to be used in subsequent rest-api calls. Once the token expires you would need to get a new one.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt