Support Questions

toandyliang · ‎02-08-2017

Hi,

I am working on a project which is using the HandleHttpRequest processor and we need the client Authentication.

After we set the Client Authentication of HandleHttpRequest processor to "Need Authentication", what other configuration is need?

According to the document, This value is ignored if the <SSL Context Service> Property is not specified or the SSL Context provided uses only a KeyStore and not a TrustStore. Any detail information or example is available?

Thanks a lot

Andy

pvillard · ‎02-08-2017

Hi @Andy Liang,

If you want to apply "Need Authentication" (check that the user is correctly authenticated), then you need to fill the SSL context service property. For that you have to create a standard SSL context service where you provide keystore and truststore available on NiFi host that you want to use. The keystore will contain the key used by the server, the truststore will contain the certificates of the clients the server should trust. In your case the truststore should contain the certificate of the client you want to authenticate (or if you have one, you could use a Certificate Authority so that you don't need to add a new certificate for each new client).

You may want to read:

- https://community.hortonworks.com/articles/27033/https-endpoint-in-nifi-flow.html

- https://community.hortonworks.com/questions/19476/connecting-to-facebook-graph-api-using-nifi-postht...

The latter is not about HandleHttpRequest but will maybe bring some clarifications around SSL context service.

As a final side note: if you need to perform a login/password authentication like Basic Authentication (with HTTP headers), then you don't need all of this, and you just need to check the attributes sent by the user in the request with a RouteOnAttribute processor and using the expression language.

Hope this helps a bit.

View solution in original post

pvillard · ‎02-08-2017

Hi @Andy Liang,

If you want to apply "Need Authentication" (check that the user is correctly authenticated), then you need to fill the SSL context service property. For that you have to create a standard SSL context service where you provide keystore and truststore available on NiFi host that you want to use. The keystore will contain the key used by the server, the truststore will contain the certificates of the clients the server should trust. In your case the truststore should contain the certificate of the client you want to authenticate (or if you have one, you could use a Certificate Authority so that you don't need to add a new certificate for each new client).

You may want to read:

- https://community.hortonworks.com/articles/27033/https-endpoint-in-nifi-flow.html

- https://community.hortonworks.com/questions/19476/connecting-to-facebook-graph-api-using-nifi-postht...

The latter is not about HandleHttpRequest but will maybe bring some clarifications around SSL context service.

As a final side note: if you need to perform a login/password authentication like Basic Authentication (with HTTP headers), then you don't need all of this, and you just need to check the attributes sent by the user in the request with a RouteOnAttribute processor and using the expression language.

Hope this helps a bit.

toandyliang · ‎02-09-2017

@Pierre Villard Thank you very much for the information. and I also learned a lot from your Nifi templates on github.

gvkarthik93 · ‎01-15-2019

@Pierre Villard @Andy Liang could you tell how to do the second approach you've suggest?

"As a final side note: if you need to perform a login/password authentication like Basic Authentication (with HTTP headers), then you don't need all of this, and you just need to check the attributes sent by the user in the request with a RouteOnAttribute processor and using the expression language."

Cloudera Community

Support Questions

HandleHttpRequest -- Client Authentication configuration