How to authenticate when LDAP is configured to get ACCESS token to execute NIFI REST Client calls?

New Contributor

After LDAP configuration, if I execute a curl command and make a NIFI REST Client call:

"curl -i -k -X GET https://URL/nifi-api/flow/process-groups/16fc1e19-12ed-133d-079e-613116e15383" I get the error:

"Unable to perform the desired action due to insufficient permissions. Contact the system administrator.".

Which means I need to use one of the options mentioned in /nifi-api/access/ to authenticate and then perform the above curl command to succeed. The REST calls against /nifi-api/access work, meaning:

"curl -i -k -X GET https://URL/nifi-api/access" returns:

"{"accessStatus":{"status":"UNKNOWN","message":"No credentials supplied, unknown user."}}"

Accepted Solutions

Re: How to authenticate when LDAP is configured to get ACCESS token to execute NIFI REST Client calls?

Master Guru

@Ramakrishnan V

You will need to use the following curl command to obtain a token for your LDAP user:

curl 'https://<hostname>:<port>/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=admin&password=admin' --compressed --insecure

Once you have your token you will need to pass that token as the bearer on all subsequent curl commands you execute against the NiFi API by adding the following to your curl commands:

-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPW9yZyIsImlzcyI6IkxkYXBQcm92aWRlciIsIm
F1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0ODcxNDM2OTEs
ImlhdCI6MTQ4NzEwMDQ5MX0.GwwJ0Yz4_KXUAMNIH500jw8YcIk3e6ZdcT3LCrrkHjc'

The odd string above is an example of the token you will get back from the first command.

Thanks,

Matt
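
The two curl steps from the answer above, written as an added example that is not part of the original post or of NiFi's own tooling: it verifies the server certificate instead of using --insecure, keeps the password and the token out of the process list, and reads the token's expiry so a long-running client knows when to log in again. The function names and the NIFI_URL, NIFI_USER, NIFI_PASS and NIFI_CA variables are assumptions, as is the token being a JWT with an exp claim like the sample shown.

```shell
#!/usr/bin/env bash
# Added example. NIFI_URL, NIFI_USER, NIFI_PASS, NIFI_CA are assumed names.

# Step 1: request a token. The password is read by curl from stdin
# (password@-) and URL-encoded, so it never appears in argv or history.
nifi_get_token() {
  printf '%s' "$NIFI_PASS" |
    curl --silent --show-error --fail --cacert "$NIFI_CA" \
      --data-urlencode "username=$NIFI_USER" \
      --data-urlencode 'password@-' \
      "$NIFI_URL/nifi-api/access/token"
}

# Print the exp claim (epoch seconds) from a JWT payload. This only reads
# the claim for scheduling; it does not verify the signature.
jwt_exp() {
  local payload
  payload=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits padding; restore it before decoding
  case $(( ${#payload} % 4 )) in
    2) payload="$payload==" ;;
    3) payload="$payload=" ;;
  esac
  printf '%s' "$payload" | base64 -d 2>/dev/null |
    sed -n 's/.*"exp": *\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the token is valid for more than $2 further seconds
# (default 60). $3 overrides the current time, which is useful for testing.
jwt_is_fresh() {
  local exp now
  exp=$(jwt_exp "$1")
  now=${3:-$(date +%s)}
  [ -n "$exp" ] && [ $(( $exp - $now )) -gt "${2:-60}" ]
}

# Step 2: call the API. The Authorization header is passed through a curl
# config on stdin (-K -) so the bearer token is not visible in argv either.
nifi_get() {
  printf 'header = "Authorization: Bearer %s"\n' "$1" |
    curl --silent --show-error --fail --cacert "$NIFI_CA" -K - "$NIFI_URL$2"
}

# Usage (needs a reachable NiFi instance):
#   token=$(nifi_get_token)
#   jwt_is_fresh "$token" || token=$(nifi_get_token)
#   nifi_get "$token" /nifi-api/flow/process-groups/root
```
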

Re: How to authenticate when LDAP is configured to get ACCESS token to execute NIFI REST Client calls?

New Contributor

Thanks Matt, so in case I am using an Apache HTTP client package and executing the above REST calls within an executable jar file, then I would need to do decryption of the encrypted password and hit it in the way above...

Re: How to authenticate when LDAP is configured to get ACCESS token to execute NIFI REST Client calls?

Contributor

@Ramakrishnan V Just to clarify, is the password in your code encrypted? If so, then yes, you would need to decrypt the password being sent in the request to /nifi-api/access/token. NiFi only supports username/password logins over HTTPS so that communication will be secure.

Re: How to authenticate when LDAP is configured to get ACCESS token to execute NIFI REST Client calls?

New Contributor

Yes, because we are using a generic application user id and we would have it encrypted in a property file.
