Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Monitoring NiFi and 401 error api check

avatar
New Contributor

Hi everyone,

I've trying to monitoring nifi api. In our nifi we have configure oidc login and it works fine.

As monitoring, we using zabbix.

The problem in zabbix is when try to check api page (https://nificluster.info/nifi-api/flow/cluster/summary) and I receive http 401 error.

 

In the web scenario monitoring, I have configured 2 steps:

 

  1. connect to https://nificluster.info/nifi/  with login and password. This steps it's ok, the required string - "log out" - and required status code 200 works. In this step I've configured viariables username, password for logging and follow redirects flag enable.
  2. connect to api https://nificluster.info/nifi-api/flow/cluster/summary without any parameters except requird string with number of cluster nodes and required status code 200

.

Who could help me resolve this 401 error on the api nifi?

 

1 ACCEPTED SOLUTION

avatar
New Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
2 REPLIES 2

avatar
Super Mentor

@Olwe 
How is zabbix authenticating it self with your NiFi?  When NiFi is secured, all clients must be authenticated and authorized.   An HTTP 401 means the client was not authorized.

NiFi does not use sessions.  So when a user logs in via a username and password, if the authentication was successful, a bearer token is issued for the user for that specific NiFi node.   That bearer token will remain valid for the duration configured in your NiFi login provider or until the logout endpoint is invoked.  The client is expected to include that bearer token in all subsequent requests.  If you hit a NiFi rest-api endpoint like .../nifi-api/flow/cluster/summary without a bearer token or a client certificate, the client will be treated as "anonymous" and not authorized.   You should see this unauthorized endpoint request logged in the nifi-user.log.  When you access rest-api endpoints via the browser which you used to login, the browser takes care of including the bearer token.  I am not familiar with Zabbix, but same requirements exist (get bearer token and include bearer token in future rest-api calls)

For example, obtaining a token using a login provider:

curl 'https://<nifi-hostname>:<nifi-port>/nifi-api/access/token' \
  --data-raw 'username=<username>&password=<password>' \
  --compressed \
  --insecure

Above will return the <bearer token>.

Then you would use that bearer token in your future rest-api requests:

curl 'https://<nifi-hostname>:<nifi-port>/nifi-api/flow/cluster/summary' \
  -H 'Authorization: Bearer <bearer token>' \
  --compressed \
  --insecure

 

If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

 

Thank you,

Matt

avatar
New Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login