Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

Labels:
avatar
author-rank ramkrish9198
Explorer

Created ‎02-23-2017 01:07 PM

After LDAP configuration, if i execute a curl command and make NIFI REST Client call:

"curl -i -k -X GET https://URL/nifi-api/flow/process-groups/16fc1e19-12ed-133d-079e-613116e15383" i get the error:

"Unable to perform the desired action due to insufficient permissions. Contact the system administrator.".

Which means i need to use one of the options mentioned in /nifi-api/access/ - to authenticate and then perform the above curl command to succeed. The REST calls against /nifi-api/access works meaning:

"curl -i -k -X GET https://URL/nifi-api/access" returns:

"{"accessStatus":{"status":"UNKNOWN","message":"No credentials supplied, unknown user."}}"

3,611 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎02-23-2017 01:12 PM

@Ramakrishnan V

You will need to use the following curl command to obtain a token for your LDAP user: 

curl 'https://<hostname>:<port>/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=admin&password=admin' --compressed --insecure

Once you have your token you will need to pass that token as the bearer of all subsequent curl command you execute against the NiFi api by adding teh following to your curl commads:

-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPW9yZyIsImlzcyI6IkxkYXBQcm92aWRlciIsIm
F1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0ODcxNDM2OTEs
ImlhdCI6MTQ4NzEwMDQ5MX0.GwwJ0Yz4_KXUAMNIH500jw8YcIk3e6ZdcT3LCrrkHjc'

The odd string above is an example of the token you will get back from the first command.

Thanks,

Matt

View solution in original post

3,059 Views
4 REPLIES 4

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎02-23-2017 01:12 PM

@Ramakrishnan V

You will need to use the following curl command to obtain a token for your LDAP user: 

curl 'https://<hostname>:<port>/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=admin&password=admin' --compressed --insecure

Once you have your token you will need to pass that token as the bearer of all subsequent curl command you execute against the NiFi api by adding teh following to your curl commads:

-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPW9yZyIsImlzcyI6IkxkYXBQcm92aWRlciIsIm
F1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0ODcxNDM2OTEs
ImlhdCI6MTQ4NzEwMDQ5MX0.GwwJ0Yz4_KXUAMNIH500jw8YcIk3e6ZdcT3LCrrkHjc'

The odd string above is an example of the token you will get back from the first command.

Thanks,

Matt

3,060 Views

avatar
author-rank ramkrish9198
Explorer

Created ‎02-23-2017 02:38 PM

Thanks Matt, so in case if am using an Apache HTTP client package and executing the above rest calls within in a executable jar file, then i would need need to do decryption of encrypted password and hit it in the way above...

3,058 Views
0 Kudos

avatar
author-rank mgilman author-rank
Rising Star

Created ‎02-23-2017 05:28 PM

@Ramakrishnan V Just to clarify, is the password in your code encrypted? If so then yes, you would need to decrypt the password being sent in the request to /nifi-api/access/token. NiFi only supports username/password login's over HTTPS so that communication will be secure.

3,059 Views
0 Kudos

avatar
author-rank ramkrish9198
Explorer

Created ‎02-28-2017 09:09 AM

Yes, because we are using a generic application user id and we would have it encrypted in a property file.

3,059 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements