Support Questions

Find answers, ask questions, and share your expertise

How to authenticate when LDAP is configured to get ACCESS tocken to execute NIFI REST Client calls?

avatar

After LDAP configuration, if i execute a curl command and make NIFI REST Client call:

"curl -i -k -X GET https://URL/nifi-api/flow/process-groups/16fc1e19-12ed-133d-079e-613116e15383" i get the error:

"Unable to perform the desired action due to insufficient permissions. Contact the system administrator.".

Which means i need to use one of the options mentioned in /nifi-api/access/ - to authenticate and then perform the above curl command to succeed. The REST calls against /nifi-api/access works meaning:

"curl -i -k -X GET https://URL/nifi-api/access" returns:

"{"accessStatus":{"status":"UNKNOWN","message":"No credentials supplied, unknown user."}}"

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Ramakrishnan V

You will need to use the following curl command to obtain a token for your LDAP user:

curl 'https://<hostname>:<port>/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=admin&password=admin' --compressed --insecure

Once you have your token you will need to pass that token as the bearer of all subsequent curl command you execute against the NiFi api by adding teh following to your curl commads:

-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPW9yZyIsImlzcyI6IkxkYXBQcm92aWRlciIsIm
F1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0ODcxNDM2OTEs
ImlhdCI6MTQ4NzEwMDQ5MX0.GwwJ0Yz4_KXUAMNIH500jw8YcIk3e6ZdcT3LCrrkHjc'

The odd string above is an example of the token you will get back from the first command.

Thanks,

Matt

View solution in original post

4 REPLIES 4

avatar
Master Mentor

@Ramakrishnan V

You will need to use the following curl command to obtain a token for your LDAP user:

curl 'https://<hostname>:<port>/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=admin&password=admin' --compressed --insecure

Once you have your token you will need to pass that token as the bearer of all subsequent curl command you execute against the NiFi api by adding teh following to your curl commads:

-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPW9yZyIsImlzcyI6IkxkYXBQcm92aWRlciIsIm
F1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0ODcxNDM2OTEs
ImlhdCI6MTQ4NzEwMDQ5MX0.GwwJ0Yz4_KXUAMNIH500jw8YcIk3e6ZdcT3LCrrkHjc'

The odd string above is an example of the token you will get back from the first command.

Thanks,

Matt

avatar

Thanks Matt, so in case if am using an Apache HTTP client package and executing the above rest calls within in a executable jar file, then i would need need to do decryption of encrypted password and hit it in the way above...

avatar
Rising Star

@Ramakrishnan V Just to clarify, is the password in your code encrypted? If so then yes, you would need to decrypt the password being sent in the request to /nifi-api/access/token. NiFi only supports username/password login's over HTTPS so that communication will be secure.

avatar

Yes, because we are using a generic application user id and we would have it encrypted in a property file.