Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

NiFi API & "Unable to validate the access token" error

Labels:
avatar
author-rank Raj_B
Expert Contributor

Created ‎04-14-2017 02:57 PM

Hello,

I'm getting the "Unable to validate the access token" when calling NiFi API, for all API end points that I checked. (I checked a few).

Following other posts in HCC, I'm first using the below call to get the access token, which is successful, it returns a token.

curl 'https://<nifi-server>:8077/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=<username>&password=<password>' --compressed --insecure

In the 2nd API call where I use the token from the above call, I'm getting the "Unable to validate the access token" for just about all end-points I checked. Below is one where I'm calling the System Diagnostics end point and returns the error.

curl 'https://<nifi-server>:8077/nifi-api/system-diagnostics' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1SUkJvbGxhLG91PURhdGEgTWFuYWdlbWVudCxvdT1QT0Usb3U9UGVvcGxlLGRjPW1kYW5kZXJzb24sZGM9ZWR1IiwiaXNzIjoiTGRhcFByb3ZpZGVyIiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiUlJCb2xsYSIsImtpZCI6MzMsImV4cCI6MTQ5MjA5OTcyNiwiaWF0IjoxNDkyMDkyNTI2fQ.xIViD0Ea_fok6qV5ghnf65FPbO9Reh_MQxVG2Q1krl4%' --compressed --insecure

I checked the 2 posts about this error in HCC and per the suggestions there, 1) I made sure we have LDAP authentication enabled 2) I made sure I'm using the same server and port in both curl commands 3) I checked several API end points to rule out that my login does not have permissions to the specific API end point; I tried the following API end points and all of them return the same "Unable to validate the access token" error - flow/status, flow/history, flow/about, flow/search-results, processors/{id}

Do you guys see what's wrong with these API calls ?

Thanks in advance.

15,500 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank Wynner author-rank
Guru

Created ‎04-19-2017 01:15 PM

@Raj B

So, your basic flow is the sending systems pushes data to the load balancer and then the load balancer does a round robin approach to each node in the NiFi cluster?

What would the load balancer do if one of the nodes is down? Is it able to do automatic failover?

View solution in original post

15,246 Views
0
19 REPLIES 19

avatar
author-rank Raj_B
Expert Contributor

Created ‎04-18-2017 07:51 PM

@Wynner we are actually getting data in passive mode, it's being pushed to NiFi.

7,438 Views
0 Kudos

avatar
author-rank Wynner author-rank
Guru

Created ‎04-18-2017 09:31 PM

@Raj B

Are you using SFTP to push data?

7,438 Views
0 Kudos

avatar
author-rank Raj_B
Expert Contributor

Created ‎04-19-2017 12:11 AM

@Wynner

our sending system pushes messages via TCP/IP and it's real-time, over 100+ messages per minute;

7,438 Views
0 Kudos

avatar
author-rank Wynner author-rank
Guru

Created ‎04-19-2017 01:15 PM

@Raj B

So, your basic flow is the sending systems pushes data to the load balancer and then the load balancer does a round robin approach to each node in the NiFi cluster?

What would the load balancer do if one of the nodes is down? Is it able to do automatic failover?

15,247 Views
0

avatar
author-rank Raj_B
Expert Contributor

Created ‎04-19-2017 01:44 PM

That's correct.

The load balancer can do heartbeat checks to see which node is alive or not and send messages to only the active nodes. It is for this heartbeat check that I wanted to make a rest API call to the NiFi nodes to see if the node is available or not.

Without LDAP/SSL it worked just fine, load balancer was able to heartbeat checks on the nodes, no issues in making the API call to NiFi node; it is only after adding LDAP/SSL that I'm having issues with the curl command to work.

7,438 Views
0 Kudos

avatar
author-rank Wynner author-rank
Guru

Created ‎04-19-2017 05:50 PM

@Raj B

If you are only looking for a heartbeat, the fact that you can get a token back should be enough. So, you only need the one curl command that works?

7,438 Views
0 Kudos

avatar
author-rank Raj_B
Expert Contributor

Created ‎04-19-2017 06:04 PM

@Wynner

You're right, I didn't think about that.

But would receiving the API token by itself constitute that NiFi is up and running and fully functional ? I'm thinking yes (I'm not sure if a scenario is possible where you would get a token from an API call, but yet NiFi is not fully functional); I want to confirm that since we'll eventually be using that mechanism in our PROD environment.

7,438 Views
0 Kudos

avatar
author-rank Wynner author-rank
Guru

Created ‎04-19-2017 07:03 PM

@Raj B

I cannot see a situation where you would get a token back, but not be able to use NiFi.

7,438 Views
0 Kudos

avatar
author-rank Raj_B
Expert Contributor

Created ‎04-19-2017 07:06 PM

@wynner, thanks for confirming;

and special thanks for following up with me on this question over the last few days and finally leading me to a solution that works.

7,438 Views
0 Kudos

avatar
author-rank varunprasad_n
Explorer

Created ‎06-11-2018 01:01 PM

Hi, How did you solve the issue with " Unable to validate the access token. "

7,438 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements